I used to work with a guy that had a favourite past-time. He'd grep the source for those strings, and them replace them with a MOTD - usually flavoured with monty python references. So if there's no configuration for this, that's one option. (alter the source to return 'empty string' and recompile).
> -----Original Message----- > From: Adam Hardy [mailto:[EMAIL PROTECTED] > Sent: Monday, March 08, 2004 4:03 PM > To: Tomcat Users List > Subject: Re: Hiding "Apache-Coyote/1.1" banner in Tomcat 5 > > > On 03/08/2004 02:57 PM James Agnew wrote: > > I've been looking for a way to prevent security scanners such as > > Nessus from being able to easily read Tomcat's standalone webserver > > details. I'm running Tomcat 5.0.18 standalone and Nessus > identifies > > it as follows: > > > > Server Version: Apache-Coyote/1.1 > > Server Banner: Apache-Coyote/1.1 > > > > I can't seen anything similar to Apache's 'ServerTokens' > directive to > > disable/suppress the info given out. > > Pardon my ignorance, but what is the problem with that? > > Adam > -- > struts 1.1 + tomcat 5.0.16 + java 1.4.2 > Linux 2.4.20 Debian > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
