NAVIGATION
Home
Gallery
Java
Linux
Web
Scripts And Utilities
Mobile And Sms
Misc
Contact
pixelWIKI
Nabaz Tag




<<

Securing Tomcat And Jboss

Securing Tomcat


Disable directory listings:
Edit CATALINA_HOME/conf/web.xml: 

 <servlet>
   <servlet-name>default</servlet-name>
   <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
   <init-param>
     <param-name>debug</param-name>
     <param-value>0</param-value>
   </init-param>
   <init-param>
     <param-name>listings</param-name>
     <param-value>false</param-value>  <!-- make sure this is false -->
   </init-param>
   <load-on-startup>1</load-on-startup>
 </servlet>


Change server-info string on error pages:
unpack properties file:
cd CATALINA_HOME/server/lib
jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties

Change ServerInfo.properties, updating server.info and repack file:
jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties



Securing JBoss 3.2

Disable directory listings:
Edit SERVER_HOME/deploy/jbossweb-tomcat50.sar/conf/web.xml: 

<servlet>
   <servlet-name>default</servlet-name>
   <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
   <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
   </init-param>
   <init-param>
      <param-name>listings</param-name>
      <param-value>false</param-value>  <!-- make sure this is false -->
   </init-param>
   <load-on-startup>1</load-on-startup>
</servlet>


Change X-Powered-By header:
Edit SERVER_HOME/deploy/jbossweb-tomcat50.sar/conf/web.xml: 

<filter>
   <filter-name>CommonHeadersFilter</filter-name>
   <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
   <init-param>
      <param-name>X-Powered-By</param-name>
      <param-value>Servlet 2.4; Tomcat-5.0.28/JBoss-3.2.7 (build: ...</param-value>  <!-- change this value -->
   </init-param>
</filter>


Change server-info string on error pages:
unpack properties file:
cd SERVER_HOME/deploy/jbossweb-tomcat50.sar
jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties

Change ServerInfo.properties, updating server.info and repack file:
jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties



Securing JBoss 4.2

Disable directory listings:
Edit SERVER_HOME/deploy/jboss-web.deployer/conf/web.xml: 

<servlet>
   <servlet-name>default</servlet-name>
   <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
   <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
   </init-param>
   <init-param>
      <param-name>listings</param-name>
      <param-value>false</param-value>  <!-- make sure this is false -->
   </init-param>
   <load-on-startup>1</load-on-startup>
</servlet>


Change X-Powered-By header:
Edit SERVER_HOME/deploy/jboss-web.deployer/conf/web.xml: 

<filter>
   <filter-name>CommonHeadersFilter</filter-name>
   <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
   <init-param>
      <param-name>X-Powered-By</param-name>
      <param-value>Servlet 2.4; JBoss-4.2.0.GA (build: ...</param-value>  <!-- change this value -->
   </init-param>
</filter>


Change server-info string on error pages:
unpack properties file:
cd SERVER_HOME/deploy/jboss-web.deployer
jar xf jbossweb.jar org/apache/catalina/util/ServerInfo.properties

Change ServerInfo.properties, updating server.info and repack file:
jar uf jbossweb.jar org/apache/catalina/util/ServerInfo.properties