Is there a way to hide the JBossWeb or Tomcat version in an error page?
Issue
- The default Tomcat error handler displays the version details of the application server. Is there a way to hide this information from end users. It is possible that a remote attacker could use this information to mount further attacks.
- I need to remove the jbossweb version from default error page message. Is there an option to change the version string ?
- We have receive HTTP 401 response. How can we customise this error response? E.g. the response should not contain the jboss version.
-
Can you globally in JBoss EAP 6 configure custom error pages for 404, etc? I know that you can do that per application in web.xml,but this means that each application has to have custom valve. This is not satisfaction.
<error-page> <error-code>400</error-code> <location>/WEB-INF/errorpage/400.jsp</location> </error-page>
Environment
- JBoss Enterprise Application Platform (EAP)
- 4.x
- 5.x
- 6.x
- 7.x
- JBoss Enterprise Web Server (EWS)
- Tomcat
- 5.5.x
- 6.x
- 7.x
- 8.x
- 9.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.