oops, right Server is always on but it says "Apache Coyote/1.1" (./org/apache/coyote/http11/Constants.java)
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber <http://www.tomitribe.com>

2015-05-07 23:47 GMT+02:00 Andy <[email protected]>:

> @Romain...
>
> @Andy: you didn't deactivate all headers by default since server and
> xpoweredBy are 2 different things. I'd just completely revert it keeping
> conf 1-1 with tomcat. Will not be activated anyway by guys in prod IMO.
>
> I do wish you wouldn't quote or claim things that I never said? On what
> planet, in which universe and where was I suggesting that server and
> xpoweredBy are the same thing? Please show me this?
>

Well the point is why configuring xpoweredBy at all and why giving attackers a way to potentially find faster an issue providing the server (so encouraging providing 2 info). This is not what you said but did.

> On 07/05/2015 23:21, Romain Manni-Bucau wrote:
>
>> You activated 2 different headers which is useless since we change
>> serverinfo by default you already get tomee here.
>>
>> That said this is not the real issue. Doing it is a standard security
>> issue, that is why it is off by default in tomcat so I suggest to not set
>> it on by default
>>
>> 2015-05-07 23:10 GMT+02:00 Andy <[email protected]>:
>>
>> Some crawlers are using that header as the evaluation. Default is Apache
>>> Tomcat 7.0.x etc and it is always on, so having Apache TomEE will give us
>>> better standing.
>>>
>>> Andy.
>>>
>>> On 07/05/2015 22:38, Romain Manni-Bucau wrote:
>>>
>>> PS (sorry hit enter without wishing it): asking cause I wouldn't have it
>>>> on by default as a user
>>>>
>>>> 2015-05-07 22:36 GMT+02:00 Romain Manni-Bucau <[email protected]>:
>>>>
>>>> Hi
>>>>
>>>>> What's the goal? We already switch server info, isn't it enough?
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: <[email protected]> >>>>> Date: 2015-05-07 22:03 GMT+02:00 >>>>> Subject: tomee git commit: TomEE header >>>>> To: [email protected] >>>>> >>>>> >>>>> Repository: tomee >>>>> Updated Branches: >>>>> refs/heads/master 2c4047e14 -> 268b57c86 >>>>> >>>>> >>>>> TomEE header >>>>> >>>>> >>>>> Project: http://git-wip-us.apache.org/repos/asf/tomee/repo >>>>> Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/268b57c8 >>>>> Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/268b57c8 >>>>> Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/268b57c8 >>>>> >>>>> Branch: refs/heads/master >>>>> Commit: 268b57c868c055e3788b85d6ed6a192da094e808 >>>>> Parents: 2c4047e >>>>> Author: [email protected] <[email protected]> >>>>> Authored: Thu May 7 22:03:35 2015 +0200 >>>>> Committer: [email protected] <[email protected]> >>>>> Committed: Thu May 7 22:03:35 2015 +0200 >>>>> >>>>> ---------------------------------------------------------------------- >>>>> .../apache/tomee/RemoteTomEEEJBContainerIT.java | 2 +- >>>>> .../java/org/apache/tomee/installer/Installer.java | 17 >>>>> +++++++++++++++++ >>>>> 2 files changed, 18 insertions(+), 1 deletion(-) >>>>> ---------------------------------------------------------------------- >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>> ---------------------------------------------------------------------- >>>>> diff --git >>>>> >>>>> >>>>> a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>> >>>>> >>>>> b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>> index 70fcf6f..17731b9 100644 >>>>> --- >>>>> >>>>> >>>>> a/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java >>>>> +++ >>>>> >>>>> >>>>> b/tomee/apache-tomee/src/test/java/org/apache/tomee/RemoteTomEEEJBContainerIT.java 
>>>>> @@ -67,7 +67,7 @@ public class RemoteTomEEEJBContainerIT { >>>>> " <!-- TomEE plugin for Tomcat -->\n" + >>>>> " <Listener >>>>> className=\"org.apache.tomee.catalina.ServerListener\" />\n" + >>>>> " <Service name=\"Catalina\">\n" + >>>>> - " <Connector port=\"" + http + "\" >>>>> protocol=\"HTTP/1.1\" >>>>> />\n" + >>>>> + " <Connector port=\"" + http + "\" >>>>> protocol=\"HTTP/1.1\" >>>>> xpoweredBy=\"false\" server=\"Apache TomEE\" />\n" + >>>>> " <Engine name=\"Catalina\" >>>>> defaultHost=\"localhost\">\n" + >>>>> " <Host name=\"localhost\" appBase=\"webapps\"\n" >>>>> + >>>>> " unpackWARs=\"true\" >>>>> autoDeploy=\"true\">\n" + >>>>> >>>>> >>>>> >>>>> >>>>> http://git-wip-us.apache.org/repos/asf/tomee/blob/268b57c8/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>> ---------------------------------------------------------------------- >>>>> diff --git >>>>> >>>>> >>>>> a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>> >>>>> >>>>> b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>> index 0308c3d..60bd8f7 100644 >>>>> --- >>>>> >>>>> >>>>> a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java >>>>> +++ >>>>> >>>>> >>>>> b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java 
>>>>> @@ -448,6 +448,23 @@ public class Installer implements >>>>> InstallerInterface { >>>>> alerts.addError("Error while adding listener to >>>>> server.xml >>>>> file", e); >>>>> } >>>>> >>>>> + //Add TomEE header >>>>> + try { >>>>> + newServerXml = Installers.replace(serverXmlOriginal, >>>>> + "<Connector port=\"8080\"", >>>>> + "<Connector port=\"8080\"", >>>>> + "/>", >>>>> + "xpoweredBy=\"false\" server=\"Apache TomEE\" >>>>> />"); >>>>> + >>>>> + newServerXml = Installers.replace(serverXmlOriginal, >>>>> + "<Connector port=\"8443\"", >>>>> + "<Connector port=\"8443\"", >>>>> + "/>", >>>>> + "xpoweredBy=\"false\" server=\"Apache TomEE\" >>>>> />"); >>>>> + } catch (final IOException e) { >>>>> + alerts.addError("Error adding server attribute to >>>>> server.xml >>>>> file", e); >>>>> + } >>>>> + >>>>> // overwrite server.xml >>>>> if (Installers.writeAll(paths.getServerXmlFile(), >>>>> newServerXml, >>>>> alerts)) { >>>>> alerts.addInfo("Add OpenEJB listener to server.xml"); >>>>> >>>>> >>>>> >>>>> >>>>> -- >>> Andy Gumbrecht >>> https://twitter.com/AndyGeeDe >>> >>> >>> > -- > Andy Gumbrecht > https://twitter.com/AndyGeeDe > >
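Review bot: In the RemoteTomEEEJBContainerIT.java hunk, the test fixture's Connector gains xpoweredBy="false" server="Apache TomEE", but nothing visible in the hunk asserts on the response's Server header, so the test passes whether or not the attribute takes effect. Either add an assertion on the returned header or leave the fixture as it was. xpoweredBy is already false by default in Tomcat, so spelling it out here only adds noise.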
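Review bot: In the Installer.java hunk, the second Installers.replace call (the port 8443 one) reads from serverXmlOriginal again instead of newServerXml, so its result overwrites the port 8080 replacement assigned just above it; if newServerXml already carried the listener change made before this block, that is discarded too. Chain both calls on newServerXml. The match strings also hard-code ports 8080 and 8443 and the "/>" terminator, so a Connector on any other port, or one not written as a self-closing element, is left unchanged without an alert. Given the objection raised in the thread about advertising the product name by default, consider making the server attribute opt-in rather than writing it into every installed server.xml.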
