This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line!
See this thread for details.
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent Jboss webserver fingerprinting?

 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How to prevent jboss webserver version detection in jboss 4.x.x?
 
Peter Johnson
author
Bartender
Posts: 5852
7
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if this is what you are asking for, but you could edit the X-Powered-By param value in the global web.xml file. In 4.2.x it is located at server/xxx/deploy/jboss-web.deployer/conf/web.xml.
 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Basically i want to stop the jboss version from getting reflected in the response header of the http response of my website. But am unable to do so.
 
Tim Moores
Bartender
Posts: 2951
46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So you've changed the header mentioned by Peter, but that didn't do what you wanted to do? What, exactly, do you want to accomplish?
 
manto kumar
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Peter, As you said,the X-Powered by tag can be removed by that.

@Peter And @Tim :: There is also a tag called "Server:Apache-Coyote/1.1"....
Since this gives the hacker the info that a Apache server is being used and its vulnerabilities can be exploited, Is there a way this tag also can be removed?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic