SlideShare ist ein Scribd-Unternehmen logo

Suppress WAS HTTP Headers

Dave Hay
Dave Hay
Technologie
1 von 10
Downloaden Sie, um offline zu lesen
Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
How to set HTTP Headers - 1/2
How to set HTTP Headers - 2/2 OR
Example – Using ServerHeaderValue
Example – Using RemoveServerHeader
Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive

Empfohlen

Software testing-in-gurgaon
Software testing-in-gurgaonSoftware testing-in-gurgaon
Software testing-in-gurgaonAP EDUSOFT
 
Azure Machine Learning and its real-world use cases
Azure Machine Learning and its real-world use casesAzure Machine Learning and its real-world use cases
Azure Machine Learning and its real-world use casesMichaela Murray
 
The Test Pyramid
The Test PyramidThe Test Pyramid
The Test PyramidThiago Ghisi
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoTAmazon Web Services
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...SlideTeam
 
Build, Train & Deploy Machine Learning Models at Scale
Build, Train & Deploy Machine Learning Models at ScaleBuild, Train & Deploy Machine Learning Models at Scale
Build, Train & Deploy Machine Learning Models at ScaleAmazon Web Services
 
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...Daniel Katz
 

Empfohlen

Software testing-in-gurgaon
Software testing-in-gurgaonSoftware testing-in-gurgaon
Software testing-in-gurgaonAP EDUSOFT
 
Azure Machine Learning and its real-world use cases
Azure Machine Learning and its real-world use casesAzure Machine Learning and its real-world use cases
Azure Machine Learning and its real-world use casesMichaela Murray
 
The Test Pyramid
The Test PyramidThe Test Pyramid
The Test PyramidThiago Ghisi
 
Risk-based Testing
Risk-based TestingRisk-based Testing
Risk-based TestingJohan Hoberg
 
Connecting to AWS IoT
Connecting to AWS IoTConnecting to AWS IoT
Connecting to AWS IoTAmazon Web Services
 
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...
Devops Strategy Roadmap Lifecycle Ppt Powerpoint Presentation Slides Complete...SlideTeam
 
Build, Train & Deploy Machine Learning Models at Scale
Build, Train & Deploy Machine Learning Models at ScaleBuild, Train & Deploy Machine Learning Models at Scale
Build, Train & Deploy Machine Learning Models at ScaleAmazon Web Services
 
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...
Legal Analytics Course - Class 6 - Overfitting, Underfitting, & Cross-Validat...Daniel Katz
 
Web services SOAP
Web services SOAPWeb services SOAP
Web services SOAPprinceirfancivil
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
Testing documents
Testing documentsTesting documents
Testing documentssuhasreddy1
 
Hybrid automation framework
Hybrid automation frameworkHybrid automation framework
Hybrid automation frameworkdoai tran
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda Amazon Web Services
 
Test Case Management Tools
Test Case Management ToolsTest Case Management Tools
Test Case Management ToolsMalang QA Community
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsAmazon Web Services
 
Test Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh DahalTest Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh DahalQA or the Highway
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWSBhargav Amin
 
Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023) Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023)Ahmed Misbah
 
JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?connectwebex
 
Api testing
Api testingApi testing
Api testingKeshav Kashyap
 
What is Integration Testing? | Edureka
What is Integration Testing? | EdurekaWhat is Integration Testing? | Edureka
What is Integration Testing? | EdurekaEdureka!
 
DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)Ravi Tadwalkar
 
Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2benjaminwootton
 
Test Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOpsTest Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOpsTechWell
 
Enforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesEnforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesMichael King
 
Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflow Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflowDatabricks
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 
Api Gateway
Api GatewayApi Gateway
Api GatewayKhaqanAshraf
 
Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockoutsRichard Diver
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 

Weitere ähnliche Inhalte

Was ist angesagt?

Testing documents
Testing documentsTesting documents
Testing documentssuhasreddy1
 
Hybrid automation framework
Hybrid automation frameworkHybrid automation framework
Hybrid automation frameworkdoai tran
 
Test Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh DahalTest Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh DahalQA or the Highway
 
Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023) Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023)Ahmed Misbah
 
JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?connectwebex
 
What is Integration Testing? | Edureka
What is Integration Testing? | EdurekaWhat is Integration Testing? | Edureka
What is Integration Testing? | EdurekaEdureka!
 
DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)Ravi Tadwalkar
 
Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2benjaminwootton
 
Test Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOpsTest Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOpsTechWell
 
Enforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesEnforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesMichael King
 
Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflow Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflowDatabricks
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 

Was ist angesagt? (20)

Web services SOAP
Web services SOAPWeb services SOAP
Web services SOAP
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
Testing documents
Testing documentsTesting documents
Testing documents
 
Hybrid automation framework
Hybrid automation frameworkHybrid automation framework
Hybrid automation framework
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda
 
Test Case Management Tools
Test Case Management ToolsTest Case Management Tools
Test Case Management Tools
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Test Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh DahalTest Automation Architecture That Works by Bhupesh Dahal
Test Automation Architecture That Works by Bhupesh Dahal
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
 
Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023) Migrating to Microservices Patterns and Technologies (edition 2023)
Migrating to Microservices Patterns and Technologies (edition 2023)
 
JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?JCR, Sling or AEM? Which API should I use and when?
JCR, Sling or AEM? Which API should I use and when?
 
Api testing
Api testingApi testing
Api testing
 
What is Integration Testing? | Edureka
What is Integration Testing? | EdurekaWhat is Integration Testing? | Edureka
What is Integration Testing? | Edureka
 
DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)DevOps Approach (Point of View by Ravi Tadwalkar)
DevOps Approach (Point of View by Ravi Tadwalkar)
 
Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2Configuring Your First Hadoop Cluster On EC2
Configuring Your First Hadoop Cluster On EC2
 
Test Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOpsTest Data Management and Its Role in DevOps
Test Data Management and Its Role in DevOps
 
Enforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesEnforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline Gates
 
Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflow Seamless End-to-End Production Machine Learning with Seldon and MLflow
Seamless End-to-End Production Machine Learning with Seldon and MLflow
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
 

Andere mochten auch

Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockoutsRichard Diver
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileWASdev Community
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...Dave Hay
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CJohn Garland
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directorythoms1i
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Websphere Application Server v7
Websphere Application Server v7Websphere Application Server v7
Websphere Application Server v7Chris Sparshott
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Amazon Web Services
 

Andere mochten auch (12)

Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockouts
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
iPlanet Request Processing
iPlanet Request ProcessingiPlanet Request Processing
iPlanet Request Processing
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
 
Websphere Application Server v7
Websphere Application Server v7Websphere Application Server v7
Websphere Application Server v7
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud
 

Ähnlich wie Suppress WAS HTTP Headers

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyAmit Aggarwal
 
AWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideAWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideManas Mondal
 
MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsSpiffy
 
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAmazon Web Services
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfssusere9bd3b
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSharon James
 
Maven 2 - more than a build tool
Maven 2 - more than a build toolMaven 2 - more than a build tool
Maven 2 - more than a build toolHarald Soevik
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXNGINX, Inc.
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...Timofey Turenko
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksAmazon Web Services
 
Citrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCitrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCCIEHOMER
 
Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Royal Cyber Inc.
 
SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWSAmazon Web Services
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Web Werks Data Centers
 

Ähnlich wie Suppress WAS HTTP Headers (20)

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
 
AWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideAWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On Guide
 
MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applications
 
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
 
Pixels_Camp
Pixels_CampPixels_Camp
Pixels_Camp
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdf
 
domain-routing.pptx
domain-routing.pptxdomain-routing.pptx
domain-routing.pptx
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administrators
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Maven 2 - more than a build tool
Maven 2 - more than a build toolMaven 2 - more than a build tool
Maven 2 - more than a build tool
 
Optimize
OptimizeOptimize
Optimize
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINX
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
 
VMware cloud on AWS
VMware cloud on AWSVMware cloud on AWS
VMware cloud on AWS
 
Citrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCitrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdf
 
Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1
 
SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.
 

Mehr von Dave Hay

Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Dave Hay
 
Dave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave Hay
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave Hay
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave Hay
 
Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Dave Hay
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 

Mehr von Dave Hay (6)

Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3
 
Dave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administrators
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 

Kürzlich hochgeladen

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Kürzlich hochgeladen (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Suppress WAS HTTP Headers

  • 1. Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
  • 2. The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
  • 3. This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
  • 4. This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
  • 5. How to set HTTP Headers - 1/2
  • 6. How to set HTTP Headers - 2/2 OR
  • 9. Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
  • 10. Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive