This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent Jboss webserver fingerprinting?

 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to prevent jboss webserver version detection in jboss 4.x.x?
 
Peter Johnson
author
Bartender
Posts: 5852
7
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if this is what you are asking for, but you could edit the X-Powered-By param value in the global web.xml file. In 4.2.x it is located at server/xxx/deploy/jboss-web.deployer/conf/web.xml.
 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Basically i want to stop the jboss version from getting reflected in the response header of the http response of my website. But am unable to do so.
 
Tim Moores
Bartender
Posts: 2685
36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So you've changed the header mentioned by Peter, but that didn't do what you wanted to do? What, exactly, do you want to accomplish?
 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Peter, As you said,the X-Powered by tag can be removed by that.

@Peter And @Tim :: There is also a tag called "Server:Apache-Coyote/1.1"....
Since this gives the hacker the info that a Apache server is being used and its vulnerabilities can be exploited, Is there a way this tag also can be removed?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic