How to Hide Apache Tomcat Version Number from Error Pages
When we call a page that does not exist (HTTP ERROR CODE 404 | Not Found) in the tomcat server, or when an existing page returns an error (HTTP ERROR CODE 500 | Internal Server Error), the tomcat server will display the version number. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.
How to hide the version number from the error pages:
- Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory.
- Under org/apache/catalina/util directory create ServerInfo.properties file.
- Now add below line
server.info=XXX (What ever yo want)
- Now restart tomcat server and on error page it will show the value you have specified in ServerInfo.properties file .