Is there a way to hide the JBossWeb or Tomcat version in an error page?

Solution Verified - Updated -

Issue

  • The default Tomcat error handler displays the version details of the application server. Is there a way to hide this information from end users. It is possible that a remote attacker could use this information to mount further attacks.

  • I need to remove the jbossweb version from default error page message. Is there an option to change the version string ?

  • We have receive HTTP 401 response. How can we customise this error response? E.g. the response should not contain the jboss version.

  • Can you globally in JBoss EAP 6 configure custom error pages for 404, etc? I know that you can do that per application in web.xml,but this means that each application has to have custom valve. This is not satisfaction. 
<error-page>
  <error-code>400</error-code>
  <location>/WEB-INF/errorpage/400.jsp</location>
</error-page>

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 4.x
    • 5.x
    • 6.x
    • 7.x
  • JBoss Enterprise Web Server (EWS)
  • Tomcat
    • 5.5.x
    • 6.x
    • 7.x
    • 8.x
    • 9.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions