Security is always a major concern, not only for your application but in every aspect of life. From opening an account to locking your play room, security is required everywhere. Your bank always tells you never to give anyone a hint about your account password. In the same way, you should never give anyone a hint about the server your application is deployed on, such as which server it is and which version it runs.

While working with Apache Tomcat, you will often see the Tomcat version when you try to access a resource that is not available on your deployed application server. For example, see the screenshot.



From the screenshot it is clear that anyone who tries to access a resource that does not exist on your server will get the Tomcat version details, which is again a security breach. So always hide your server version.

How to Override Apache Tomcat Version

To override the Tomcat version, you need to create a file named ServerInfo.properties inside the tomcat_home\lib\org\apache\catalina\util\ folder.

Note: tomcat_home is the directory where your Tomcat is placed.

Inside the tomcat_home\lib folder you will not find any org folder; you have to create the org folder and, in the same way, the apache\catalina\util folders inside it.

OK, level 1 is done: we have created the \org\apache\catalina\util folders inside the lib folder of Apache Tomcat.
Now level 2: create a file ServerInfo.properties inside the tomcat_home\lib\org\apache\catalina\util\ folder and override the value of the server.info key. For example: server.info=Apache Server Version X
That's it. Now if someone tries to access a resource that is not actually available on the targeted server, the actual Tomcat version is hidden and the message Apache Server Version X is shown instead. See the screenshot.




That's it :)
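The two levels above as a script for a Unix-like shell, where the same folders use forward slashes. This is an added example, not code from the original post: the function names are assumptions, and the check that refuses a banner still containing a version number is an extra safeguard the post does not describe.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.
PROPS_REL="lib/org/apache/catalina/util/ServerInfo.properties"

# True when the banner still carries something like "9.0.1".
looks_versioned() {
    printf '%s\n' "$1" | grep -Eq '[0-9]+\.[0-9]+'
}

# Level 1: create org/apache/catalina/util under lib.
# Level 2: set server.info, keeping other keys of an existing override file.
set_server_info() {
    tomcat_home=$1
    banner=$2
    [ -d "$tomcat_home/lib" ] || { echo "no lib folder in $tomcat_home" >&2; return 2; }
    if looks_versioned "$banner"; then
        echo "refusing banner that contains a version: $banner" >&2
        return 3
    fi
    file="$tomcat_home/$PROPS_REL"
    mkdir -p "$(dirname "$file")" || return 1
    tmp="$file.tmp.$$"
    {
        if [ -f "$file" ]; then grep -v '^server\.info=' "$file" || true; fi
        printf 'server.info=%s\n' "$banner"
    } > "$tmp"
    mv "$tmp" "$file"
}

# Print the server.info value currently set in the override file.
get_server_info() {
    sed -n 's/^server\.info=//p' "$1/$PROPS_REL"
}

# Demo on a constructed throwaway directory (not a real Tomcat install).
demo=$(mktemp -d) && mkdir "$demo/lib"
set_server_info "$demo" "Apache Server Version X" && get_server_info "$demo"
rm -rf "$demo"
```

Tomcat reads this file when it starts, so restart the server and request a missing resource again to confirm the error page shows the new value.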