How to Hide Apache Tomcat Version Number from Error Pages

When we call a page that does not exist (HTTP ERROR CODE 404 | Not Found) in the tomcat server, or when an existing page returns an error (HTTP ERROR CODE 500 | Internal Server Error), the tomcat server will display the version number. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.

How to hide the version number from the error pages:

  1. Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory.
  1. Under org/apache/catalina/util directory create file.
  1. Now add below line (What ever yo want)
  1. Now restart tomcat server and on error page  it will show the value you have specified in file .

Web-Development 12


Explore Tutu'rself