Hide Tomcat Version Default Error Page
Contents |
number from the error pages? Answer: Apache Tomcat server is for Java Servlet and JSP. tomcat hardening checklist When you call a page that doesn't exist in the tomcat securing tomcat 8 server, or when an existing page returns an error, the tomcat server will display the version
Disable Tomcat Manager
number as shown below. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits. For some reason, if
Tomcat Showserverinfo
you can't upgrade the Tomcat server to the latest version, and you just want to hide the version number from the error pages, do the steps mentioned below. Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example, /home/tomcat is the $CATALINA_HOME cd /home/tomcat/lib mkdir -p org/apache/catalina/util Go to this newly how to disable tomcat home page created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like. cd org/apache/catalina/util $ vi ServerInfo.properties server.info=Apache Tomcat Version X Afer this restart the tomcat server. cd $CATALINA_HOME/bin ./catalina.sh stop ./catalina.sh start Now, if you go the error page, you'll not see the tomcat version number. Instead, you'll see the text you've set for the server.info parameter. After you do the above, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below. $ $CATALINA_HOME/bin/version.sh .. Server version: Apache Tomcat/7.0.35 Server number: 7.0.35.0 .. Tweet >Add your comment If you enjoyed this article, you might also like.. 50 Linux Sysadmin Tutorials 50 Most Frequently Used Linux Commands (With Examples) Top 25 Best Linux Performance Monitoring and Debugging Tools Mommy, I found it! – 15 Practical Linux Find Command Examples Linux 101 Hacks 2nd Edi
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn
Tomcat Default Error Page
more about Stack Overflow the company Business Learn more about hiring developers or tomcat security manager posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community tomcat error page Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Which is the best way to mask / hide tomcat http://www.thegeekstuff.com/2013/08/hide-tomcat-version-number version from error pages? up vote 7 down vote favorite 1 Could somebody please let me know which of the following two approaches is recommended and why : Make the necessary changes to ServerInfo.properties Define "error-page" in web.xml tomcat version share|improve this question edited Feb 15 '10 at 17:12 BalusC 684k20824802695 asked Feb 15 '10 at 14:18 user41536 234156 add a comment| 3 Answers 3 active oldest votes http://stackoverflow.com/questions/2266475/which-is-the-best-way-to-mask-hide-tomcat-version-from-error-pages up vote 4 down vote I'd make the changes to ServerInfo.properties regardless - there may be other places to get the ServerInfo.properties version information than only error pages. (Maybe someone leaves up the default home page, samples, etc. and these may have it.) Define error pages in your web app if you want - a quicker option may be to globally change your default error pages by specifying it in CATALINA_HOME/conf/web.xml - this will use your new specified error pages by default even if a developer forgets to specify error pages for their app. share|improve this answer answered Feb 15 '10 at 14:48 Nate 13.2k23250 add a comment| up vote 4 down vote Changing ServerInfo.properties is the most secure. If you for example have deployed a webapp on http://example.com/contextname, one could still get a 404 by http://example.com/blah or so. One could also get it programmatically by using a robot to Send a request with an unsupported method (which returns 503 error page). That said, I honestly don't see any valid reasons to hide Tomcat version from it. This information actually adds no value for "normal users". It also doesn't stop any hacker from trying everything to get it down or exploit se
("Apache Tomcat/6.0.20") by somesetting in server.xml / Connector on version 6.0.20.But http://grokbase.com/t/tomcat/users/101fm1je78/hide-tomcat-version-from-default-error-page I have not been able to find any such http://tomcat.10.x6.nabble.com/Hide-Tomcat-Version-From-Default-Error-Page-td2109782.html setting in the docs (like here:http://tomcat.apache.org/tomcat-6.0-doc/config/http.html) or anywhere else.Any ideas?Thanks--MB--View this message in context: http://old.nabble.com/Hide-Tomcat-Version-From-Default-Error-Page-tp27180665p27180665.htmlSent from the Tomcat - User mailing list archive at Nabble.com.---------------------------------------------------------------------To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.orgFor additional commands, e-mail: users-help@tomcat.apache.org reply Tweet Search Discussions Search error page All Groups users 9 responses Oldest Nested Caldarale, Charles R The paranoid among us should look at the server attribute for : http://tomcat.apache.org/tomcat-6.0-doc/config/http.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you default error page received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: Caldarale, Charles R at Jan 15, 2010 at 5:41 pm ⇧ From: massive.boissonSubject: Hide Tomcat Version From Default Error PageI read that I can hide server version ("Apache Tomcat/6.0.20") by somesetting in server.xml / Connector on version 6.0.20.The paranoid among us should look at the server attribute for
| Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Hide Tomcat Version From Default Error Page Hi, I read that I can hide server version ("Apache Tomcat/6.0.20") by some setting in server.xml / Connector on version 6.0.20. But I have not been able to find any such setting in the docs (like here: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html) or anywhere else. Any ideas? Thanks --MB Caldarale, Charles R Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ RE: Hide Tomcat Version From Default Error Page > From: massive.boisson [mailto:[hidden email]] > Subject: Hide Tomcat Version From Default Error Page > > I read that I can hide server version ("Apache Tomcat/6.0.20") by some > setting in server.xml / Connector on version 6.0.20. The paranoid among us should look at the server attribute for