How to Hide Apache Tomcat Version Number from Error Pages
Article ID: 129168
Updated On:
Products
Clarity PPM SaaS
Clarity PPM On Premise
Issue/Introduction
Due to security issues we need to hide the Apache Tomcat version when the HTTP 404 error page appears.
I’m running Apache Tomacat server. How do I hide the Tomcat version number from the error pages?
I’m running Apache Tomacat server. How do I hide the Tomcat version number from the error pages?
Environment
Release: CODCVU9900-15.5.1-PPM SAAS-View Only Userpack for-Canadian Government Entities
Component:
Component:
Resolution
Apache Tomcat server is for Java Servlet and JSP. When you call a page that doesn’t exist in the tomcat server, or when an existing page returns an error, the tomcat server will display the version number as shown below. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.
2. Navigate to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like.
3. After this restart the tomcat server.
4. Now, if you go to the error page, you will notice the tomcat version number. Instead, you will see the text you’ve set for the server.info parameter.
5. After performing the above steps, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below.
For Tomcat on Windows you need to know the installation folder and use the same steps making sure you use back slashes.
<Please see attached file for image>
For some reason, if you cannot upgrade the Tomcat server to the latest version, and you just want to hide the version number from the error pages, perform the steps mentioned below.
1. Navigate to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example, /home/tomcat is the $CATALINA_HOME
<Please see attached file for image>
2. Navigate to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like.
<Please see attached file for image>
3. After this restart the tomcat server.
<Please see attached file for image>
4. Now, if you go to the error page, you will notice the tomcat version number. Instead, you will see the text you’ve set for the server.info parameter.
<Please see attached file for image>
5. After performing the above steps, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below.
<Please see attached file for image>
For Tomcat on Windows you need to know the installation folder and use the same steps making sure you use back slashes.
Attachments
Feedback
Yes
No
Powered by
