Sunday, September 8, 2024
HometomcatTomcat hides the version number and closes the default management page (1)

Tomcat hides the version number and closes the default management page (1)

1. Hide the version information in the Tomcat exception page and leak the Tomcat server version number

Tomcat/8.5.xx related version number and other information are not safe. This will be obtained by hackers and use other vulnerabilities in this version to perform abnormal operations on the server, so it needs to be hidden.

Enter the tomcat installation directory
apache-tomcat-8.5.95/lib/catalina.jar
Find the ServerInfo.properties file and modify it
org/apache/catalina/util/ServerInfo.properties

Delete the version information, save and exit.
server.info=
server.number=
server.built=

2. Another way to directly hide the Tomcat default management page

Enter the webapps/ROOT directory and create a default page index.html. You can also set the content of the default page yourself.

for examplevim index.html
<CTYPE html>
<html>
<head>  
    <style>
        body {
            background-color: #000;
            color: #fff;
            font-family: Arial, sans-serif;
        }

        .panel {
            background-color: #000;
            color: #fff;
            padding: 20px;
            margin: 20px;
            border-radius: 10px;
            box-shadow: 0 2px 5px rgba(0, 0, 0, 0.3);
        }
    </style>  
</head>
<body>
    <div class="panel">
        <h1>Welcome to the chinalife</h1>
    </div>
</body>
</html> 

After modifying the test verification, http://localhost:port

RELATED ARTICLES

Most Popular

Recent Comments