Hide Server Banner and Product Info from HTTP Header

Hide Server Banner and Product Info from HTTP Header

A server banner may display information about the underlying hosting environment. Usually in Applications Manager, the information that can be exposed is the product name:

  1. Server: AppManager
For security purposes, it may be desirable to disable the Server response header.

Steps to remove header

  1. Take a backup and open <apm-home>/working/apache/tomcat/conf/backup/server.xml
  2. Search and remove below key-value(s).
    1. server="AppManager"
  3. Restart APM and verify the response headers.

Steps to verify

  1. If this has been reported as a violation in your network scan tool, please re scan and confirm.
  2. Manual steps: 
    1. Using cURL : curl -v <Applications Manager URL>
      eg., curl -v http://apm-me-server:9090


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • How to enable HTTP Strict-Transport-Security (HSTS) response header

                      Overview From Applications Manager v16250, the super administrator has the option of enabling HSTS. The RFC 6797-specified HTTP Strict Transport Security (HSTS) protocol enables a website to identify itself as a secure host and notify browsers that ...

                    • Configure "/server-status" page for Oracle HTTP server

                      In order to monitor an Oracle HTTP server in Applications Manager, the '/server-status' page must be configured on the target Oracle HTTP server that needs to be monitored. This can be accomplished by following these steps: Step 1 - Enable the ...

                    • Disable HTTP access in Applications Manager

                      Overview This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP  -> http://[hostname/ip-address]:[http-port] ...

                    • Configure "/server-status" page for IBM HTTP server

                      In order to monitor an IBM HTTP server in Applications Manager, the '/server-status' page must be configured on the target IBM HTTP server that needs to be monitored. This can be accomplished by following these steps: Step 1 - Enable the ...

                    • IIS Server monitor - Troubleshooting steps

                      Unable to add IIS Server monitor Follow the below given below to add an IIS server monitor in Applications Manager: First, check whether all the prerequisites are done. Check the IIS Server URL is accessible from Applications Manager server. If your ...

                      Related Products