Hide Tomcat Version Error Page
Contents |
number from the error pages? Answer: Apache Tomcat server is for Java Servlet and JSP. When you call a page that doesn't exist in the tomcat server, or when an existing page returns an error, the tomcat hardening checklist tomcat server will display the version number as shown below. This might be a security
Securing Tomcat 8
risk, especially if you are running an old Tomcat server that has some known exploits. For some reason, if you can't upgrade the tomcat showserverinfo Tomcat server to the latest version, and you just want to hide the version number from the error pages, do the steps mentioned below. Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example,
How To Disable Tomcat Home Page
/home/tomcat is the $CATALINA_HOME cd /home/tomcat/lib mkdir -p org/apache/catalina/util Go to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like. cd org/apache/catalina/util $ vi ServerInfo.properties server.info=Apache Tomcat Version X Afer this restart the tomcat server. cd $CATALINA_HOME/bin ./catalina.sh stop ./catalina.sh start Now, if you go the error page, you'll not see the tomcat version number. Instead, you'll see tomcat default error page the text you've set for the server.info parameter. After you do the above, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below. $ $CATALINA_HOME/bin/version.sh .. Server version: Apache Tomcat/7.0.35 Server number: 7.0.35.0 .. Tweet >Add your comment If you enjoyed this article, you might also like.. 50 Linux Sysadmin Tutorials 50 Most Frequently Used Linux Commands (With Examples) Top 25 Best Linux Performance Monitoring and Debugging Tools Mommy, I found it! – 15 Practical Linux Find Command Examples Linux 101 Hacks 2nd Edition eBook Awk Introduction – 7 Awk Print Examples Advanced Sed Substitution Examples 8 Essential Vim Editor Navigation Fundamentals 25 Most Frequently Used Linux IPTables Rules Examples Turbocharge PuTTY with 12 Powerful Add-Ons { 10 comments… add one } Sys. student August 15, 2013, 8:39 am How to install tomcat from the beginning on a cPanel server (CentOS 6.x 64-bit with cPanel installed) ? Link John August 15, 2013, 9:37 pm Thanks. How can I do the same thing for Apache webserver? Link sugatang itlog August 16, 2013, 12:00 am John, in you apache config (httpd.conf for CentOS), change the following to this … and reload or restart apache. ServerTokens Prod ServerSignature Off thanks and more power TheGeekStuff! Link Bernhard August 17, 2013, 5:12 am There are severa
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers
Tomcat Error Page
or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x
How To Hide Apache Tomcat Version Number From Error Pages
Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it tomcat web.xml error-page only takes a minute: Sign up Which is the best way to mask / hide tomcat version from error pages? up vote 7 down vote favorite 1 Could somebody please let me know which of the following two approaches is http://www.thegeekstuff.com/2013/08/hide-tomcat-version-number recommended and why : Make the necessary changes to ServerInfo.properties Define "error-page" in web.xml tomcat version share|improve this question edited Feb 15 '10 at 17:12 BalusC 684k20824802695 asked Feb 15 '10 at 14:18 user41536 234156 add a comment| 3 Answers 3 active oldest votes up vote 4 down vote I'd make the changes to ServerInfo.properties regardless - there may be other places to get the ServerInfo.properties version information than only error pages. (Maybe someone leaves up the default home page, http://stackoverflow.com/questions/2266475/which-is-the-best-way-to-mask-hide-tomcat-version-from-error-pages samples, etc. and these may have it.) Define error pages in your web app if you want - a quicker option may be to globally change your default error pages by specifying it in CATALINA_HOME/conf/web.xml - this will use your new specified error pages by default even if a developer forgets to specify error pages for their app. share|improve this answer answered Feb 15 '10 at 14:48 Nate 13.2k23250 add a comment| up vote 4 down vote Changing ServerInfo.properties is the most secure. If you for example have deployed a webapp on http://example.com/contextname, one could still get a 404 by http://example.com/blah or so. One could also get it programmatically by using a robot to Send a request with an unsupported method (which returns 503 error page). That said, I honestly don't see any valid reasons to hide Tomcat version from it. This information actually adds no value for "normal users". It also doesn't stop any hacker from trying everything to get it down or exploit security holes (if there were any...). They don't worry about whether the version is displayed or not. For the "normal users" I would still use a custom error page which is a bit more integrated in the style of the webapp in question so that it is less "scary" and thus improves user experience. share|improve this answer edited Feb 16 '10 at 1:17 answered Feb 15 '10 at 17:09 BalusC 684k20824802695 add a co
is from @letsencrypt 8monthsago @CNBCNumbers Would you please talk about Spain, notably ETF EWP? 2yearsago @CNBCNumbers Thanks very much for your video. You https://coolpandaca.wordpress.com/2012/07/18/how-to-hind-tomcat-version-information/ guys have done a wonderful jobs. Love the rich info in both fundamental and technical. 2yearsago @CNBCNUMBERS Can you guys talk about natural gas futures? 2yearsago @infrabot It https://coderanch.com/t/85909/Tomcat/disable-tomcat-version-display has been 22 hours since the wiki is down. Anyone knows when it will be back? 3yearsago Follow @coolpandacaBlog Stats 47,172 hits Top Posts HSCP, UDT, UDP error page a better way of SCP and file transfer over the network 前奥运冠军李东华 Install and Configure Shibboleth in CentOS 6 (Idp and SP) How to hide Tomcat version information Apache mpm worker, prefork, mod_php mod_fcgid mod_fastcgi php-fpm and Nginx 菜鸟买店记 --- kelvin_zhao Apache, Nginx and PHP Security Invalidate/Delete a Cookie? Not as simple as you thought. 发生在加拿大的真实故事:我居然给gay看上了! hide tomcat version Search interface for Nutch, Solr Server Recent Posts A phishing site comes withhttps Invalidate/Delete a Cookie? Not as simple as youthought. Faster your email apps and get latest email from Gmail using POPprotocol How to stop mysql fromstartup 孙悟空答央视记者问,此文可获普利策奖 zt Categories Blogging (16) 瘦身 2007 (2) 转贴 (118) Feeling (176) Hobbies (1) Investment Research (3) My Investment (7) My News (22) Organizations (1) Saint John 之行 (2) Travel (1) Uncategorized (118) Useful Tools (2) Work Notes (19) 原创 (24) 多伦多之行 (14) 中国新闻 (1) Top Clicksfailover.co.za/2012/01/29…chinasmile.net/forums/sho… How to hide Tomcat versioninformation Posted: July 18, 2012 in Uncategorized 2 Exspose your server type and server version may not a good idea due to the security reason. In previous entries, I have talked about hiding version for Apache HTTP and Nginx.Here is about Apache Tomcat. There are some information about how to do it in tomcat5. In tomcat6 and tomcat7, they are slightly different. In my opinion, the best way is to change the ServerInfo, there i
This Site Careers Other all forums Forum: Tomcat disable tomcat version display shivani anand Ranch Hand Posts: 155 posted 10 years ago Hi, Right now when I type certail url which is using tomcat I get 404 error and also apache tomcat version . Due to security reason we do not want to display apache tomcat version. Could anyone please let me know how to disable this? thanks SA Theodore Casser Ranch Hand Posts: 1902 I like... posted 10 years ago Best suggestion I can offer off the top of my head would be to write custom error pages for each application you're hosting, and a generic one for the entire server. For the entire server, you're going to want to include this code in your $CATALINA_HOME/conf/web.xml file to block 404 errors (for example):