]
Stuart Douglas resolved WFLY-1091.
----------------------------------
Resolution: Out of Date
ability to remove the response-header Server:Apache-Coyote/1.1
--------------------------------------------------------------
Key: WFLY-1091
URL:
https://issues.jboss.org/browse/WFLY-1091
Project: WildFly
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Web (Undertow)
Reporter: nimo stephan
Assignee: Stuart Douglas
Jboss AS 7 includes the following HTTP-Header for every response:
Server:Apache-Coyote/1.1
For security issues, it is good to hide this header so attackers cannot easily derivate
its underlying technology (which, in this case, indicates that Java-Technology/Tomcat is
used).
Possible solutions is:
Invent a new system-property "org.jboss.as.sendServerHeader" which can be set,
for example, in standalone.xml:
<system-properties>
<property name="org.apache.coyote.http11.Http11Protocol.SERVER"
value=""/>
<property name="org.jboss.as.sendServerHeader" value="false"/>
</system-properties>
Note:
- leaving the value of "org.apache.coyote.http11.Http11Protocol.SERVER" results
in printing the Server-Header also, instead of to go away. However, with that value I can
rename the Server-Header, but not deleting it.
- At first, I have thought this is a JSF-Rendering-Issue, so I created that issue here
http://java.net/jira/browse/JAVASERVERFACES-2445, but it stated out that printing the
Server-Header is a "application server level concern".
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: