troubleshooting Question

Suppress Servlet-Engine Info in tomcat HTTP Header

Avatar of jellybellyjo
jellybellyjo asked on
Apache Web Server
2 Comments1 Solution409 ViewsLast Modified:
Hi all.

I hope this is the right area for this question - I couldn't see a tomcat-specific category.

In the Apache config, you can change the ServerTokens directive from Full to Prod to suppress the amount of information sent with the HTTP headers - a good idea for a production system to hide the implementation details.
e.g. instead of sending the full info, such as 'Server: Apache/2.0.49 (Win32) mod_ssl/2.0.49 OpenSSL/0.9.7d mod_jk/1.2.4', with the Prod setting it only sends 'Server: Apache'.

I was just wondering if there is such an option for tomcat. Currently it is sending 'Servlet-Engine: Tomcat Web Server/3.2.1 (JSP 1.1; Servlet 2.2; Java 1.3.1_07; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.)' - can I change the config so that it just sends something like 'Servlet-Engine: Tomcat Web Server' or similar?

Thanks for your help!
Jo.
ASKER CERTIFIED SOLUTION
jellybellyjo

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros