Has anyone put together a FAQ/HOWTO on securing Tomcat? Our first goal is to prevent determination of the server version by a web client.

An example of this: for the URL http://127.1:8080/xxdfsdf this is returned. Note the Server: Apache Coyote/1.0 and Apache Tomcat/4.1.12.

HTTP/1.1 404 /xxdfsdf
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 31 Dec 2002 20:46:09 GMT
Server: Apache Coyote/1.0

<html><head><title>Apache Tomcat/4.1.12 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} H3{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 404 - /xxdfsdf</h1><HR size="1" noshade><p><b>type</b> Status report</p><p><b>message</b> <u>/xxdfsdf</u></p><p><b>description</b> <u>The requested resource (/xxdfsdf) is not available.</u></p><HR size="1" noshade><h3>Apache Tomcat/4.1.12</h3></body></html>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron             http://www.pyerotechnics.com         -
- Owner & Lead             Pyerotechnics Development, Inc.      -
- +1 410 808 6646 (c)      500 West University Parkway #1S      -
- +1 410 467 2266 (f)      Baltimore, Maryland 21210-3253       -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
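
An added example, not part of the original message: a small check that reports every product/version token a raw HTTP response discloses, in the Server header or in the error-page body, so the goal stated above can be verified after any configuration change. The function names are hypothetical and the sample is constructed from the response quoted in the message (abbreviated).

```python
import re

# Constructed sample: the response quoted in the message, abbreviated.
SAMPLE = (
    "HTTP/1.1 404 /xxdfsdf\r\n"
    "Content-Type: text/html;charset=ISO-8859-1\r\n"
    "Server: Apache Coyote/1.0\r\n"
    "\r\n"
    "<html><head><title>Apache Tomcat/4.1.12 - Error report</title></head>"
    "<body><h1>HTTP Status 404 - /xxdfsdf</h1>"
    "<h3>Apache Tomcat/4.1.12</h3></body></html>"
)

# A product/version token such as "Coyote/1.0" or "Tomcat/4.1.12".
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")


def split_response(raw):
    """Split a raw HTTP response into (status_line, headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def find_version_leaks(raw):
    """Return sorted (location, product, version) tuples disclosed by the response."""
    _status, headers, body = split_response(raw)
    leaks = set()
    for product, version in PRODUCT_VERSION.findall(headers.get("server", "")):
        leaks.add(("server header", product, version))
    # Strip tags (and the inline style comment) so the title and footer
    # of the error page are scanned as plain text.
    text = re.sub(r"<[^>]+>", " ", body)
    for product, version in PRODUCT_VERSION.findall(text):
        leaks.add(("body", product, version))
    return sorted(leaks)


if __name__ == "__main__":
    for where, product, version in find_version_leaks(SAMPLE):
        print(f"{where}: {product} {version}")
```

An empty result for both a normal page and an error page (such as the 404 above) means no version string is visible to the client in those responses.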
