Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent Jboss webserver fingerprinting?

 
manto kumar
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to prevent jboss webserver version detection in jboss 4.x.x?
 
Peter Johnson
author
Bartender
Posts: 5852
7
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if this is what you are asking for, but you could edit the X-Powered-By param value in the global web.xml file. In 4.2.x it is located at server/xxx/deploy/jboss-web.deployer/conf/web.xml.
 
manto kumar
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Basically i want to stop the jboss version from getting reflected in the response header of the http response of my website. But am unable to do so.
 
Tim Moores
Bartender
Pie
Posts: 2495
9
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So you've changed the header mentioned by Peter, but that didn't do what you wanted to do? What, exactly, do you want to accomplish?
 
manto kumar
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Peter, As you said,the X-Powered by tag can be removed by that.

@Peter And @Tim :: There is also a tag called "Server:Apache-Coyote/1.1"....
Since this gives the hacker the info that a Apache server is being used and its vulnerabilities can be exploited, Is there a way this tag also can be removed?
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic