WAS | JBoss How to suppress or change Server header and X-Powered-By response header returned by JBoss EAP 7.4



WAS : JBoss EAP 7.4

issue

How to suppress or change "Server" header and "X-Powered-By" response header returned by JBoss EAP 7.4

Version information is exposed in the "Server" and "X-Powered-By" response headers, which is a security weakness.

    HTTP/1.1 200 OK
    X-Powered-By: Undertow/1
    X-Powered-By: JSP/2.3
    Server: JBoss-EAP/7

Solution plan

Disable the x-powered-by option

CLI mode

    /subsystem=undertow/servlet-container=default/setting=jsp:write-attribute(name=x-powered-by,value=false)

admin console

Change the header value (CLI mode)

    /subsystem=undertow/configuration=filter/response-header=server-header:write-attribute(name=header-value,value=foo)
    /subsystem=undertow/configuration=filter/response-header=x-powered-by-header:write-attribute(name=header-value,value=bar)

Result of the change

Result as reflected in standalone.xml or domain.xml

Information exposure test result
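One way to script the exposure test, as an added example that is not part of the original post: a shell function that reads raw response headers and reports any "Server" or "X-Powered-By" line that still names a product or version. The function name, the token list and the AFTER sample are assumptions; BEFORE is the response shown at the top of this post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Typical use: curl -sI http://localhost:8080/ | leaky_headers   (URL is an assumption)

# Response from the post, before the change.
BEFORE='HTTP/1.1 200 OK
X-Powered-By: Undertow/1
X-Powered-By: JSP/2.3
Server: JBoss-EAP/7'

# Constructed sample: JSP x-powered-by disabled, header values set to foo / bar.
AFTER='HTTP/1.1 200 OK
X-Powered-By: bar
Server: foo'

# Prints each offending header line.
# Exit status: 1 if version information is still exposed, 0 if clean.
leaky_headers() {
  tr -d '\r' | awk '
    BEGIN { found = 0 }
    {
      # Header name, lower-cased, without the value part.
      name = tolower($0); sub(/:.*/, "", name)
      if (name != "server" && name != "x-powered-by") next

      value = $0; sub(/^[^:]*:[ \t]*/, "", value)

      # Product tokens seen in the default response (assumed list, extend as
      # needed), or any generic "name/version" token such as Foo/1.2.
      if (tolower(value) ~ /(jboss|undertow|jsp)/ || value ~ /\/[0-9]/) {
        print $0
        found = 1
      }
    }
    END { exit found }'
}

# Demo on the two samples above.
printf '%s\n' "$BEFORE" | leaky_headers || echo "before: version information exposed"
printf '%s\n' "$AFTER"  | leaky_headers && echo "after: no version information exposed"
```

Because the exit status is non-zero while a leak remains, the function can gate a deployment check after the CLI changes are applied and the server is reloaded.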
