Is there a way to hide the JBossWeb or Tomcat version in an error page?
Issue
- The default Tomcat error handler displays the version details of the application server. Is there a way to hide this information from end users. It is possible that a remote attacker could use this information to mount further attacks.
-
I need to remove the jbossweb version from default error page message. Is there an option to change the version string ?
-
We have receive HTTP 401 response. How can we customise this error response? E.g. the response should not contain the jboss version.
- Can you globally in JBoss EAP 6 configure custom error pages for 404, etc? I know that you can do that per application in web.xml,but this means that each application has to have custom valve. This is not satisfaction.
<error-page>
<error-code>400</error-code>
<location>/WEB-INF/errorpage/400.jsp</location>
</error-page>
Environment
- JBoss Enterprise Application Platform (EAP)
- 4.x
- 5.x
- 6.x
- 7.x
- JBoss Enterprise Web Server (EWS)
- Tomcat
- 5.5.x
- 6.x
- 7.x
- 8.x
- 9.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.