I am trying to tighten up our Apache and Tomcat implementation. I want
to suppress server type and version to make fingerprinting harder. We
have Apache httpd in front of Tomacat on Win32. I can suppress the
Apache info passed in Server: parameter, but do not know how to
suppress the
See mod_headers: http://httpd.apache.org/docs/mod/mod_headers.html
In particular, you probably want this:
##
Header unset Servlet-Engine
##
-Tim
Chad Cannell wrote:
I am trying to tighten up our Apache and Tomcat implementation.
Funk [mailto:funkman;joedog.org]
Sent: Wednesday, November 06, 2002 11:18 AM
To: Tomcat Users List
Subject: Re: Suppress Servlet-Engine Info in HTTP Header
See mod_headers: http://httpd.apache.org/docs/mod/mod_headers.html
In particular, you probably want
Subject: Re: Suppress Servlet-Engine Info in HTTP Header
See mod_headers: http://httpd.apache.org/docs/mod/mod_headers.html
In particular, you probably want this:
##
Header unset Servlet-Engine
##
-Tim
Chad Cannell wrote:
I am
Subject: Re: Suppress Servlet-Engine Info in HTTP Header
I'm out of ideas at this point. In any case I would try the following:
- Add another header of the same name and see what happens
- Add another header of a diff name and see what happens. If this
doesn't work - then I would go to the apache
[mailto:funkman;joedog.org]
Sent: Wednesday, November 06, 2002 1:09 PM
To: Tomcat Users List
Subject: Re: Suppress Servlet-Engine Info in HTTP Header
I'm out of ideas at this point. In any case I would try the following:
- Add another header of the same name and see what happens
- Add another