How to Hide Apache Tomcat Version Number from Error Pages

When we call a page that does not exist (HTTP ERROR CODE 404 | Not Found) in the tomcat server, or when an existing page returns an error (HTTP ERROR CODE 500 | Internal Server Error), the tomcat server will display the version number. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.

How to hide the version number from the error pages:

  1. Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory.
  1. Under org/apache/catalina/util directory create ServerInfo.properties file.
  1. Now add below line
server.info=XXX (What ever yo want)
  1. Now restart tomcat server and on error page  it will show the value you have specified in ServerInfo.properties file .

Web-Development 12

FOLLOW US ON LinkedIn



Explore Tutu'rself