Hide Server Banner and Product Info from HTTP Header

Hide Server Banner and Product Info from HTTP Header

A server banner may display information about the underlying hosting environment. Usually in Applications Manager, the information that can be exposed is the product name:

  1. Server: AppManager
For security purposes, it may be desirable to disable the Server response header.

Steps to remove header

  1. Take a backup and open <apm-home>/working/apache/tomcat/conf/backup/server.xml
  2. Search and remove below key-value(s).
    1. server="AppManager"
  3. Restart APM and verify the response headers.

Steps to verify

  1. If this has been reported as a violation in your network scan tool, please re scan and confirm.
  2. Manual steps: 
    1. Using cURL : curl -v <Applications Manager URL>
      eg., curl -v http://apm-me-server:9090

                  New to ADSelfService Plus?

                    • Related Articles

                    • How to enable HTTP Strict-Transport-Security (HSTS) response header

                      Overview From Applications Manager v16250, the super administrator has the option of enabling HSTS. The RFC 6797-specified HTTP Strict Transport Security (HSTS) protocol enables a website to identify itself as a secure host and notify browsers that ...
                    • Troubleshooting Bad Request and Internal Server error

                      When a server responds with a Bad Request (400) or Internal Server Error (500), It typically indicates issues with how the request is being made or processed. The reasons for these errors can vary, but the most common causes are Incorrectly formatted ...
                    • Mail Server Monitor - Troubleshooting

                      Common Mail Server Monitor Errors and Troubleshooting Guide 1. Unknown Host Error Description: This error occurs when the mail client cannot resolve the hostname of the mail server to an IP address. The issue typically arises from DNS resolution ...
                    • Disable HTTP access in Applications Manager

                      Overview This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP  -> http://[hostname/ip-address]:[http-port] ...
                    • Configure "/server-status" page for Oracle HTTP server

                      In order to monitor an Oracle HTTP server in Applications Manager, the '/server-status' page must be configured on the target Oracle HTTP server that needs to be monitored. This can be accomplished by following these steps: Step 1 - Enable the ...