Security Configuration

Version 5
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    FootPrints


    APPLIES TO:

    Footprints 12.X and 20.XX



    PROBLEM:

     Server version being used shown when http 404 error thrown


     


    CAUSE:

    DRZNZ-5485


    SOLUTION:

     

    Hiding server information on the error page of Tomcat 

      
       
    1. We can hide the server version on the error page by adding below tag in Host section of Server.xml in tomcat 

      
       
    1.  

      
       
    1. <Valve className="org.apache.catalina.valves.ErrorReportValve" 

      

                showServerInfo="false"/> 

      

     

      
       
    1. Ex- 

      

     

      

     

      

    Adding security headers in every server call 

      
       
    1. Go <Tomcat_location>/Conf/ directory 

      
       
    1. Open Web.xml file 

      
       
    1. Find the filter with name httpHeaderSecurity 

      
       
    1. Change it according to following screenshot 

    2.  
    3.  

      

     

      
       
    1. Now search for <filter-mapping> with name httpHeaderSecurity 

      
       
    1. Change it according to following screenshot 

      

     

     


    Article Number:

    000174896


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles