krishna-pandey commented on issue #3622: [ZEPPELIN-4586] Add option to avoid 
sending Jetty version on headers and on 300/400 pages
URL: https://github.com/apache/zeppelin/pull/3622#issuecomment-581715554
 
 
   > bot
   You got me confused here. I got to thinking about bots fingerprinting the 
server version and using relevant payloads to attack. 
   
   My point is that "abnormal" or "deviating from the normal pattern" makes an 
attacker more curious. Not sending the Server version is not a foolproof way to 
hide that information; however, if someone wants to do that, you just have to 
put a space char, as in the config below 
   ```
   <property>
       <name>zeppelin.server.jetty.name</name>
       <value> </value>
       <description>Hardcoding Application Server name to Prevent Fingerprinting</description>
   </property>
   ```
   
   and you will get the effect below 
   
   <img width="476" alt="Screenshot 2020-02-04 at 08 07 34" 
src="https://user-images.githubusercontent.com/6433184/73708881-95c06f00-4725-11ea-9359-bd0aa59f38ee.png">
   
   Let me know your thoughts.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
