Walter Lee

How to mask the server name in Sun Java Web Server?

Thursday Jun 12, 2008

It is good security practice to mask the web server name.


In Sun Java Web Server 6.1 SPx, you can simply add


ServerString none


to the magnus.conf file, then restart the server.


Before the change:


apple:/export/home/iws6.1sp9> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 12 Jun 2008 01:33:50 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


After the change:


apple:/export/home/iws6.1sp9/https-apple.asia.sun.com/config> telnet localhost 61901
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Date: Thu, 12 Jun 2008 01:37:25 GMT
Content-length: 447
Content-type: text/html
Last-modified: Thu, 27 Mar 2008 00:22:13 GMT
Etag: "1bf-47eae8b5"
Accept-ranges: bytes


(Note: the Server: Sun-ONE-Web-Server/6.1 header no longer appears in the response headers above.)


------------------------------------------------------------------------------------------------------------------------------------------------------- 


For 7.0 Ux, you can do it in the Admin GUI under Configurations - General - Advanced - HTTP Settings - Server Header, e.g.


Server Header: none


[Screenshot: Admin GUI to change server name]


You will then see the setting inside server.xml:


cat server.xml
..........
  <user>webservd</user>

  <http>
    <server-header>none</server-header>
  </http>

  <snmp>
 ..........


A restart then applies the change.


For example, before the above change in 7.0 Ux:


 apple:/export/home/iws7.0u2/https-migrate-sp2> telnet localhost 7028
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Thu, 12 Jun 2008 01:42:55 GMT
Content-type: text/html
Last-modified: Thu, 13 Jan 2005 02:34:52 GMT
Content-length: 447
Etag: W/"1bf-41e5de4c"


After the change:


apple:/export/home/iws7.0u2/https-apple.asia.sun.com/config> telnet localhost 7023
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: apple

HTTP/1.1 200 OK
Server: none
Date: Thu, 12 Jun 2008 02:29:41 GMT
Content-type: text/html
Last-modified: Wed, 28 May 2008 06:31:58 GMT
Content-length: 447
Etag: "1bf-483cfc5e"
Accept-ranges: bytes


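(Note: in 7.0 Ux the Server header is still sent, but its value is now none instead of Sun-Java-System-Web-Server/7.0.)


Hope this helps you mask the default web server name banner.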
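
One way to script the telnet check shown above, as an added example that is not part of the original post: it reads a raw HTTP response head on stdin and reports whether the Server header is absent (the 6.1 result), masked (the 7.0 result) or still names the product. The function names, the shortened sample responses in demo and the use of curl for a live check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# classify_server_header [MASK]
#   Reads a raw HTTP response (status line + headers) on stdin and prints:
#     absent           no Server header, as 6.1 behaves with "ServerString none"
#     masked:VALUE     header sent, value empty or equal to MASK (default: none),
#                      as 7.0 behaves with <server-header>none</server-header>
#     disclosed:VALUE  header still names the product
classify_server_header() {
    awk -v mask="${1:-none}" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        NR > 1 && $0 == "" { exit }         # blank line ends the header block
        tolower($0) ~ /^server:/ {          # header names are case-insensitive
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value) # drop the name and leading blanks
            sub(/[ \t]+$/, "", value)       # drop trailing blanks
            found = 1
            exit
        }
        END {
            if (!found)
                print "absent"
            else if (value == "" || tolower(value) == tolower(mask))
                print "masked:" value
            else
                print "disclosed:" value
        }'
}

# banner_is_masked [MASK]: exit status 0 when the response on stdin does not
# name the product, 1 otherwise, so it can gate a post-restart check.
banner_is_masked() {
    case "$(classify_server_header "$@")" in
        absent|masked:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample heads shortened from the telnet output in the post.
demo() {
    printf 'HTTP/1.1 200 OK\r\nServer: Sun-ONE-Web-Server/6.1\r\n\r\n' | classify_server_header
    printf 'HTTP/1.1 200 OK\r\nDate: Thu, 12 Jun 2008 01:37:25 GMT\r\n\r\n' | classify_server_header
    printf 'HTTP/1.1 200 OK\r\nServer: none\r\n\r\n' | classify_server_header
}

# Live use (assumption: curl is installed; port as in the post):
#   curl -s -I http://localhost:61901/ | classify_server_header
```

Only the header block is inspected, so a body that happens to contain the text "Server:" does not affect the result.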
