Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes JBoss/WildFly and the fly likes How to prevent Jboss webserver fingerprinting? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "How to prevent Jboss webserver fingerprinting?" Watch "How to prevent Jboss webserver fingerprinting?" New topic
Author

How to prevent Jboss webserver fingerprinting?

manto kumar
Greenhorn

Joined: Jan 10, 2012
Posts: 10
How to prevent jboss webserver version detection in jboss 4.x.x?
Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5812
    
    7

Not sure if this is what you are asking for, but you could edit the X-Powered-By param value in the global web.xml file. In 4.2.x it is located at server/xxx/deploy/jboss-web.deployer/conf/web.xml.


JBoss In Action
manto kumar
Greenhorn

Joined: Jan 10, 2012
Posts: 10
Basically i want to stop the jboss version from getting reflected in the response header of the http response of my website. But am unable to do so.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
So you've changed the header mentioned by Peter, but that didn't do what you wanted to do? What, exactly, do you want to accomplish?
manto kumar
Greenhorn

Joined: Jan 10, 2012
Posts: 10
Thanks Peter, As you said,the X-Powered by tag can be removed by that.

@Peter And @Tim :: There is also a tag called "Server:Apache-Coyote/1.1"....
Since this gives the hacker the info that a Apache server is being used and its vulnerabilities can be exploited, Is there a way this tag also can be removed?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to prevent Jboss webserver fingerprinting?
 
Similar Threads
Putting Multi Dimentional Array into a session in JSP
Making installable exe
Preventing Passivation of statefull bean
deadlock
When to not use EJB