Due to security issues we need to hide the Apache Tomcat version when the HTTP 404 error page appears.

I’m running Apache Tomacat server. How do I hide the Tomcat version number from the error pages?

Release: CODCVU9900-15.5.1-PPM SAAS-View Only Userpack for-Canadian Government Entities
Component:

Apache Tomcat server is for Java Servlet and JSP. When you call a page that doesn’t exist in the tomcat server, or when an existing page returns an error, the tomcat server will display the version number as shown below. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.

<Please see attached file for image>

For some reason, if you cannot upgrade the Tomcat server to the latest version, and you just want to hide the version number from the error pages, perform the steps mentioned below.

1. Navigate to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example, /home/tomcat is the $CATALINA_HOME

<Please see attached file for image>

2. Navigate to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like.

<Please see attached file for image>

3. After this restart the tomcat server.

<Please see attached file for image>

4. Now, if you go to the error page, you will notice the tomcat version number. Instead, you will see the text you’ve set for the server.info parameter.

<Please see attached file for image>

5. After performing the above steps, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below.

<Please see attached file for image>