Hide/disable Apache Tomcat server version

Sometimes for security reasons system administrators hide/disable server informations such as web server product name and version. Unlike famous Apache HTTP server Apache Tomcat does not have applicable configuration keys for this, but we can change/remove version information in ServerInfo.properties file which is located in catalina.jar file.

Steps:

  • Stop Apache Tomcat server
  • Unpack $CATALINA_HOME$/lib/catalina.jar or $CATALINA_HOME$/server/lib/catalina.jar (jar xvf catalina.jar org/apache/catalina/util/ServerInfo.properties)
  • Update ServerInfo.properties text file. You will see server.name and server.number keys
  • Pack only ServerInfo.properties file again into catalina.jar (jar uvf catalina.jar org/apache/catalina/util/ServerInfo.properties Be sure not to include org/apache/catalina/util folder structure again)
  • Start Apache Tomcat server

(sorry but I could not add new wiki page in HelpForAdministrators section, pls move to appropriate wiki section)

  • No labels