1. Hide the version information that the Tomcat exception page leaks
Exposing Tomcat/8.5.xx and related version information is not safe. An attacker can obtain it and use other vulnerabilities in that version to perform abnormal operations on the server, so it needs to be hidden.
Go to the lib directory of the Tomcat installation and locate catalina.jar:
apache-tomcat-8.5.95/lib/catalina.jar
Inside the jar, find the ServerInfo.properties file and modify it:
org/apache/catalina/util/ServerInfo.properties
Delete the version information so that the three keys are left empty, then save and exit:
server.info=
server.number=
server.built=
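The same edit can be scripted instead of done by hand. The following is an added example, not part of the original page or of Tomcat: it rewrites the properties entry inside a jar and reads it back to confirm the three keys are empty. The function names and the sample jar it builds for the demonstration are constructed for illustration.

```python
import os
import shutil
import tempfile
import zipfile

ENTRY = "org/apache/catalina/util/ServerInfo.properties"
KEYS = ("server.info", "server.number", "server.built")


def read_server_info(jar_path):
    """Return the key/value pairs of ServerInfo.properties inside the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        text = jar.read(ENTRY).decode("iso-8859-1")
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def blank_server_info(jar_path):
    """Blank the three version keys; copy all other entries unchanged.
    The original jar is kept beside it with a .bak suffix."""
    shutil.copy2(jar_path, jar_path + ".bak")
    blanked = "".join(f"{k}=\n" for k in KEYS).encode("iso-8859-1")
    fd, tmp = tempfile.mkstemp(suffix=".jar", dir=os.path.dirname(jar_path) or ".")
    os.close(fd)
    with zipfile.ZipFile(jar_path) as src, \
            zipfile.ZipFile(tmp, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = blanked if item.filename == ENTRY else src.read(item)
            dst.writestr(item, data)
    os.replace(tmp, jar_path)  # swap in the rewritten jar
    return read_server_info(jar_path)  # read back to verify the result


def build_sample_jar(path):
    """Constructed stand-in for catalina.jar (sample values, not real ones)."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(ENTRY, "server.info=Apache Tomcat/8.5.xx\n"
                            "server.number=8.5.xx.0\nserver.built=sample date\n")


if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "catalina.jar")
    build_sample_jar(sample)
    print(read_server_info(sample), "->", blank_server_info(sample))
```

To use it on a real installation, call blank_server_info on lib/catalina.jar while Tomcat is stopped, then start Tomcat again so the modified jar is loaded.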
2. Another way: hide the Tomcat default management page directly
Go to the webapps/ROOT directory and create a default page, index.html. You can also set the content of the default page yourself.
For example:
vim index.html
<!DOCTYPE html>
<html>
<head>
<style>
body {
background-color: #000;
color: #fff;
font-family: Arial, sans-serif;
}
.panel {
background-color: #000;
color: #fff;
padding: 20px;
margin: 20px;
border-radius: 10px;
box-shadow: 0 2px 5px rgba(0, 0, 0, 0.3);
}
</style>
</head>
<body>
<div class="panel">
<h1>Welcome to the chinalife</h1>
</div>
</body>
</html>
After making the changes, test and verify them at http://localhost:port