• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 794
  • Last Modified:

Tomcat: Hide web server name

I've secured my web application using JDBC realms.   when a user fails to authenticate, tomcat shows an unauthorized page that displays the web server type (i.e Tomcat 4.1.18).     How do I customize the error page so that it is a generic "you don't have access to this resource" page that does not indicate what type of web server is being run?

0
mberumen
Asked:
mberumen
  • 3
1 Solution
 
cianid3Commented:
Include this in your .htaccess file

ErrorDocument 403 http://www.yoururl.com/errorpage.html

replace yoururl with the address of your server and create a new file called errorpage.html and include whatever you want for example "you don't have access to this resource". You could also try turning of your server signature in the apache config file.

0
 
mberumenAuthor Commented:
I should clarify that this is a standalone configuration, there is no apache server..

0
 
NetWizeCommented:
you can specify the error-page in the web.xml right at the place where you configure the ressources to be protected.
0
 
mberumenAuthor Commented:
Thanks for all the leads, when my schedule clears I'll try your suggestions and let you know

mb
0
 
mberumenAuthor Commented:
Thanks for the lead.

mb
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now