JBoss 7 Modify Server Banner from Header

By default, JBoss application server will have its own identity in HTTP response header which is considered as information leakage vulnerability.

And, if you are working on PCI compliant environment then this is something you must fix.

Default Configuration will display Server banner as following HTTP response header

Server: Apache-Coyote/1.1

Implementation

Go to JBoss/bin folder
Add following in standalone.conf under JAVA_OPTS variable

-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer

Ex:

JAVA_OPTS="-Xms512m -Xmx512m -XX:MaxPermSize=256m -Xss168K
-Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000
-Dfile.encoding=UTF-8
-Dorg.apache.coyote.http11.Http11Protocol.SERVER=JbossSecureServer"

Restart JBoss application server, and you should see Server header is changed.

If you are interested in learning more about JBoss, then check out this course by Packt Publishing.

Chandan Kumar

Author

As the founder of Geekflare, I’ve helped millions to excel in the digital realm. Passionate about technology, I’m on a mission to explore the world and amplify growth for professionals and businesses alike.