On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote:
> > From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] > > Subject: Re: "exception-message" header reveals path to document root in > 404 response. > > > Wow, when I saw this last night, I shook my head and said to myself, > > > Server: Apache-Coyote/1.1 > > > this may be one of the reasons why my server/web-app are subject to > > repeat-offender attacks from certain/few IP addresses in China/Vietnam. > > For the truly paranoid (to quote from the docs), look at the server > attribute of the <Connector> element: > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html > +1 and LOL. server Overrides the Server header for the http response. If set, the value for this attribute overrides the Tomcat default and any Server header set by a web application. If not set, any value specified by the application is used. If the application does not specify a value then Apache-Coyote/1.1 is used. Unless you are paranoid, you won't need this feature. Thanks Chuck for the response and for quoting the user guide. I have not set 'server' on the Connector and still have no need of setting the 'server' attribute. Nice to know that that is available. :)
