移除jboss响应中的中间件信息

最新推荐文章于 2020-12-10 16:44:31 发布

转载最新推荐文章于 2020-12-10 16:44:31 发布 · 1.2k 阅读

jboss 专栏收录该内容

26 篇文章

订阅专栏

本文介绍如何在不同版本的JBoss中禁用X-Powered-By响应头，包括JBoss 4.2、5.0、6.0及7.x系列。通过修改配置文件达到隐藏服务器信息的目的。

JBoss 4.2

Suppressing the X-Powered-By header in JBoss 4.2.x can be done by modifying the web.xml file located in ${jboss.home}/server/${server.instance.name}/deploy/jboss-web.deployer/conf/. For example, if you are using the 'default' instance and running jboss 4.2.3 from /usr/local, the path to the configuration file would be /usr/local/jboss-4.2.3.GA/server/default/deploy/jboss-web.deployer/conf/. Locate the Common Filter Configuration line (line 25 on a stock 'default' server instance configuration file) and comment out the lines for the init-param, param-name, and param-value entries. Example below

  <!-- ================== Common filter Configuration ==================== -->
    <filter>
       <filter-name>CommonHeadersFilter</filter-name>
       <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
    <!--   <init-param> -->
    <!--      <param-name>X-Powered-By</param-name>  -->
    <!--      <param-value>Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807     181439)/JBossWeb-2.0</param-value>  -->
    <!--   </init-param>  -->
    </filter>

Restart JBoss and the header will no longer show up.

JBoss 5.0 & JBoss 5.1

The web.xml file that needs to be updated is located in a different location than with JBoss 4,2 but the technique is the same. To suppress the X-Powered-By header under JBoss 5.0, comment out the init-param, param-name, and param-value line entries from the web.xml located in ${jboss.home}server/${server.instance.name}/deployers/jbossweb.deployer/.

  <!-- ================== Common filter Configuration ==================== -->
    <filter>
       <filter-name>CommonHeadersFilter</filter-name>
       <filter-class>
          org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
    <!--   <init-param>  -->
    <!--      <param-name>X-Powered-By</param-name>  -->
    <!--      <param-value>Servlet 2.5; JBoss-5.0/JBossWeb-2.1</param-value>  -->
    <!--   </init-param>  -->

Once you have made the configuration changes, restart JBoss so they can take effect.

JBoss 6.0, JBoss 7.0, JBoss 7.1

In order to suppress the X-Powered-By header in JBoss 6, 7, or 7.1, you no longer make changes to web.xml files but instead modify the catalina.properties file included with your server instance. Edit the catalina.properties file located in ${jboss.home}/server/${server.instance.name}/deploy/jbossweb.sar/. Locate the property named: org.apache.catalina.connector.X_POWERED_BY and set its value to false. Restart the server and you're all set.