Question: I’m running Apache Tomacat server. How do I hide the Tomcat version number from the error pages?
Answer: Apache Tomcat server is for Java Servlet and JSP. When you call a page that doesn’t exist in the tomcat server, or when an existing page returns an error, the tomcat server will display the version number as shown below. This might be a security risk, especially if you are running an old Tomcat server that has some known exploits.
For some reason, if you can’t upgrade the Tomcat server to the latest version, and you just want to hide the version number from the error pages, do the steps mentioned below.
Go to $CATALINA_HOME/lib, and create the org/apache/catalina/util directory under here. In the following example, /home/tomcat is the $CATALINA_HOME
cd /home/tomcat/lib mkdir -p org/apache/catalina/util
Go to this newly created directory, and create a ServerInfo.properties file, and add the server.info parameter as shown below. Set the value of this parameter to anything you like.
cd org/apache/catalina/util $ vi ServerInfo.properties server.info=Apache Tomcat Version X
Afer this restart the tomcat server.
cd $CATALINA_HOME/bin ./catalina.sh stop ./catalina.sh start
Now, if you go the error page, you’ll not see the tomcat version number. Instead, you’ll see the text you’ve set for the server.info parameter.
After you do the above, if you want to see the Tomcat version number, you can still do it from the command line, using the version.sh script as shown below.
$ $CATALINA_HOME/bin/version.sh .. Server version: Apache Tomcat/7.0.35 Server number: 22.214.171.124 ..