Still not doing the trick, tried adding to the server level directive and the Root directory directive. Have the modules added and loaded.
LoadModule headers_module modules/mod_headers.so AddModule mod_headers.c Any other modules needed? Any other thoughts -----Original Message----- From: Tim Funk [mailto:funkman@;joedog.org] Sent: Wednesday, November 06, 2002 11:18 AM To: Tomcat Users List Subject: Re: Suppress Servlet-Engine Info in HTTP Header See mod_headers: http://httpd.apache.org/docs/mod/mod_headers.html In particular, you probably want this: ################################## Header unset Servlet-Engine ################################## -Tim Chad Cannell wrote: > I am trying to tighten up our Apache and Tomcat implementation. I want > to suppress server type and version to make fingerprinting harder. We > have Apache httpd in front of Tomacat on Win32. I can suppress the > Apache info passed in "Server:" parameter, but do not know how to > suppress the "Servlet-Engine:" that Tomcat passes. Anyone? > > HTTP response header > > HTTP/1.1 200 OK > Date: Tue, 05 Nov 2002 17:49:51 GMT > Server: > Set-Cookie2: JSESSIONID=naa2in3fj1;Version=1;Discard;Path="/" > Set-Cookie: JSESSIONID=naa2in3fj1;Path=/ > Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java > 1.3.1_04; Windows 2000 5.0 x86; java.vendor=Sun Microsystems Inc.) > <---Want to null this > Connection: close > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>