Monday, June 1, 2015

How To Modify Server Banner in JBoss 6 & 7

By default JBoss application server will have its own identity in HTTP response header. For security reason, if you don’t want to expose – you can modify.

Default Configuration will display Server banner as following HTTP response header
Server: Apache-Coyote/1.1
JBossAS 6:
  Open JBoss_HOME/deploy/jbossweb.sar/server.xml 
 <Connector protocol="HTTP/1.1" port="${jboss.web.http.port}" address="${jboss.bind.address}" 
         redirectPort="${jboss.web.https.port}" server="JbossSecureServer" xpoweredBy="false"/>


Jboss 7 :
Implementation:
  • Go to JBoss/bin folder
  • Add following in standalone.conf under JAVA_OPTS variable
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer
Ex:
JAVA_OPTS="-Xms512m -Xmx512m -XX:MaxPermSize=256m -Xss168K 
-Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true 
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 
-Dfile.encoding=UTF-8 
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer"
  • Restart JBoss 7 Application server and you should see Server banner is changed as following in HTTP response header now.
Server: JbossSecureServer
Posted by at No comments:
Subscribe to: Posts (Atom)