I'm trying to configure JBOSS to remove the Server header in the response. By default it shows:

HTTP/1.1 200 OK
Date: Fri, 20 Mar 2015 18:45:36 GMT
Server: Apache-Coyote/1.1

This setting in standalone.xml produces the output shown below:

<property name="org.apache.coyote.http11.Http11Protocol.SERVER" value="blah"/>

HTTP/1.1 200 OK
Date: Fri, 20 Mar 2015 18:45:36 GMT
Server: blah

But I cannot find a setting to make the header disappear entirely. Has anyone else done this?

  • You won't be able to remove it; your best option is to customize it with a value of your preference, since this is a mandatory header as defined in RFC www.w3.org/.../rfc2616-sec14.html


    14.38 Server
    The Server response-header field contains information about the software used by the origin server to handle the request.
    The field can contain multiple product tokens (section 3.8) and comments identifying the server and any significant subproducts. The product tokens are listed in order of their significance for identifying the application.

    If the response is being forwarded through a proxy, the proxy application MUST NOT modify the Server response-header. Instead, it SHOULD include a Via field (as described in section 14.45).

    Note: Revealing the specific software version of the server might
    allow the server machine to become more vulnerable to attacks
    against software that is known to contain security holes. Server
    implementors are encouraged to make this field a configurable
    option.
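
An added example, not part of the original thread or of JBoss: a small check that splits a Server value into the product tokens and comments described in the quoted section 14.38 and reports the parts that carry a version. It runs on the two responses shown in the question; the third sample and the "comment containing a digit" heuristic are assumptions made for this illustration.

```python
import re

# RFC 2616 section 2.2 "token" characters; a product is token ["/" version].
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT_RE = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
# The two responses from the question, then one constructed sample.
BEFORE = "HTTP/1.1 200 OK\r\nDate: Fri, 20 Mar 2015 18:45:36 GMT\r\nServer: Apache-Coyote/1.1\r\n\r\n"
AFTER = "HTTP/1.1 200 OK\r\nDate: Fri, 20 Mar 2015 18:45:36 GMT\r\nServer: blah\r\n\r\n"
CONSTRUCTED = "ExampleServer/2.3 (ExampleOS 7 (build 12)) mod_example"

def server_header(raw_response):
    """Return the Server field value from a raw response head, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def parse_server(value):
    """Split a Server value into (product, version) pairs and comments."""
    products, comments, i = [], [], 0
    while i < len(value):
        if value[i] in " \t":
            i += 1
        elif value[i] == "(":  # comment; parentheses may nest
            depth, start = 1, i
            i += 1
            while i < len(value) and depth:
                depth += {"(": 1, ")": -1}.get(value[i], 0)
                i += 1
            end = i - 1 if depth == 0 else i  # tolerate a missing ")"
            comments.append(value[start + 1:end])
        else:
            m = PRODUCT_RE.match(value, i)
            if m:
                products.append(m.groups())
            i = m.end() if m else i + 1  # skip a character no token allows
    return products, comments

def disclosures(value):
    """Versioned products, plus comments containing a digit (heuristic)."""
    products, comments = parse_server(value or "")
    versioned = [f"{name}/{ver}" for name, ver in products if ver]
    return versioned + [c for c in comments if re.search(r"\d", c)]

if __name__ == "__main__":
    for label, raw in (("default", BEFORE), ("customized", AFTER)):
        print(label, server_header(raw), disclosures(server_header(raw)))
```
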