tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From acastanheira2001 <acastanheira2...@yahoo.com.br>
Subject Re: How to hide x-poweredBY response header
Date Tue, 04 Aug 2009 15:09:02 GMT

Folks,

My conf/web.xml config is:

<!-- ================== Common filter Configuration ==================== -->
   <filter>
      <filter-name>CommonHeadersFilter</filter-name>
     
<filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
      <init-param>
         <param-name>X-Powered-By</param-name>
         <param-value>Servlet 2.4; JBoss-4.2.0.GA_CP02 (build:
SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5</param-value>
      </init-param>
   </filter>

...

 <!-- The JSP page compiler and execution servlet, which is the mechanism 
-->
  <!-- used by Tomcat to support JSP pages.  Traditionally, this servlet   
-->
  <!-- is mapped to the URL pattern "*.jsp".  This servlet supports the    
-->
  <!-- following initialization parameters (default values are in square   
-->
  <!-- brackets):                                                          
-->
<!--   xpoweredBy          Determines whether X-Powered-By response      
-->
  <!--                       header is added by generated servlet  [false] 
-->

    <servlet>
        <servlet-name>jsp</servlet-name>
        <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
        <init-param>
            <param-name>fork</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>xpoweredBy</param-name>
            <param-value>false</param-value>
        </init-param>


As we can see, xpoweredBy is set to false.

Another config in server.xml:


<!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking &
non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" address="${jboss.bind.address}"
         maxThreads="250" maxHttpHeaderSize="8192"
         emptySessionPath="true" protocol="HTTP/1.1"
         enableLookups="false" redirectPort="8443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true" />
 
The http://tomcat.apache.org/tomcat-6.0-doc/config/http.html says
"xpoweredBy" has default "false".

Any ideas appreciated.

Thanks,
André




Tim Funk-2 wrote:
> 
> See conf/web.xml in your tomcat installation (and look for xpoweredBy in 
> the comments) - if that doesn't exist - then you'll need to consult the 
> JBOSS docs since they configure it in a different manner.
> 
> -Tim
> 
> acastanheira2001 wrote:
>> Mark,
>> 
>> Could you tell me what Tomcat doc is?
>> 
>> Thanks for your atention,
>> Andre
>> 
>> 
>> Mark Thomas-18 wrote:
>>> acastanheira2001 wrote:
>>>> Hi,
>>>>
>>>> Although I´ve set false to xpoweredBy tag, it continues to appear in
>>>> response headers. 
>>>>
>>>> <init-param>
>>>>             <param-name>xpoweredBy</param-name>
>>>>             <param-value>false</param-value>
>>>> </init-param>
>>> Where did you read that was the way to set it? That isn't what the
>>> Tomcat docs say.
>>>
>>>> How to hide the following information?
>>>> "X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP02 (build:
>>>> SVNTag=JBPAPP_4_2_0_GA_CP02 date=200801291544)/Tomcat-5.5"
>>> But given you are using JBoss, it could be completely different.
>>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/How-to-hide-x-poweredBY-response-header-tp24796578p24810405.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message