I am trying to tighten up our Apache and Tomcat implementation. I want to suppress server type and version to make fingerprinting harder. We have Apache httpd in front of Tomacat on Win32. I can suppress the Apache info passed in "Server:" parameter, but do not know how to suppress the "Servlet-Engine:" that Tomcat passes. Anyone?
HTTP response header HTTP/1.1 200 OK Date: Tue, 05 Nov 2002 17:49:51 GMT Server: Set-Cookie2: JSESSIONID=naa2in3fj1;Version=1;Discard;Path="/" Set-Cookie: JSESSIONID=naa2in3fj1;Path=/ Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.3.1_04; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.) <---Want to null this Connection: close -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>