SlideShare a Scribd company logo

Suppressing http headers from web sphere application server

Dave Hay
Dave Hay
Technology
1 of 10
Download to read offline
Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
How to set HTTP Headers - 1/2
How to set HTTP Headers - 2/2 OR
Example – Using ServerHeaderValue
Example – Using RemoveServerHeader
Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive

Recommended

DevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoDevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San Francisco
Amazon Web Services
 
How to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfHow to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdf
Amazon Web Services
 
Disaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSDisaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWS
Amazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Web Services
 
Service mesh(istio) monitoring
Service mesh(istio) monitoringService mesh(istio) monitoring
Service mesh(istio) monitoring
Jeong-Ho Na
 
MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바
NeoClova
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
Amazon Web Services Korea
 
High Availability in Microsoft Azure
High Availability in Microsoft AzureHigh Availability in Microsoft Azure
High Availability in Microsoft Azure
Krunal Trivedi
 

Recommended

DevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoDevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San Francisco
Amazon Web Services
 
How to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfHow to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdf
Amazon Web Services
 
Disaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSDisaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWS
Amazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Web Services
 
Service mesh(istio) monitoring
Service mesh(istio) monitoringService mesh(istio) monitoring
Service mesh(istio) monitoring
Jeong-Ho Na
 
MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바
NeoClova
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
Amazon Web Services Korea
 
High Availability in Microsoft Azure
High Availability in Microsoft AzureHigh Availability in Microsoft Azure
High Availability in Microsoft Azure
Krunal Trivedi
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
Amazon Web Services
 
Latent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkLatent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with Spark
Sandy Ryza
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
Brendan Jennings
 
Cross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis Enterprise
Cihan Biyikoglu
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
Mirantis
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어
Kyle(KY) Yang
 
DBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldDBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs World
Kellyn Pot'Vin-Gorman
 
Intro to Azure Service Bus
Intro to Azure Service BusIntro to Azure Service Bus
Intro to Azure Service Bus
George Grammatikos
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
Doyoon Kim
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트
Amazon Web Services Korea
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
Stenio Ferreira
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
MariaDB plc
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
Amazon Web Services Korea
 
AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)
Reham Maher El-Safarini
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft Azure
Guy Barrette
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
Amazon Web Services Korea
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud Services
Kajal Kathrotiya
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introduction
leo lapworth
 
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
Amazon Web Services Korea
 
Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockouts
Richard Diver
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
 

More Related Content

What's hot

AWS Route53
AWS Route53AWS Route53
AWS Route53
zekeLabs Technologies
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
Amazon Web Services Korea
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
Amazon Web Services Korea
 

What's hot (20)

Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
 
Latent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkLatent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with Spark
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
 
Cross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis Enterprise
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어
 
DBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldDBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs World
 
Intro to Azure Service Bus
Intro to Azure Service BusIntro to Azure Service Bus
Intro to Azure Service Bus
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
 
AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft Azure
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud Services
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introduction
 
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
 

Viewers also liked

IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
Dave Hay
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
John Garland
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
Varun Arora
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
thebigredhemi
 

Viewers also liked (12)

Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockouts
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
iPlanet Request Processing
iPlanet Request ProcessingiPlanet Request Processing
iPlanet Request Processing
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
 
Websphere Application Server v7
Websphere Application Server v7Websphere Application Server v7
Websphere Application Server v7
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud
 

Similar to Suppressing http headers from web sphere application server

MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applications
Spiffy
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdf
ssusere9bd3b
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administrators
Sharon James
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015
Continuent
 

Similar to Suppressing http headers from web sphere application server (20)

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
 
AWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideAWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On Guide
 
MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applications
 
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
 
Pixels_Camp
Pixels_CampPixels_Camp
Pixels_Camp
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdf
 
domain-routing.pptx
domain-routing.pptxdomain-routing.pptx
domain-routing.pptx
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administrators
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Maven 2 - more than a build tool
Maven 2 - more than a build toolMaven 2 - more than a build tool
Maven 2 - more than a build tool
 
Optimize
OptimizeOptimize
Optimize
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINX
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
 
VMware cloud on AWS
VMware cloud on AWSVMware cloud on AWS
VMware cloud on AWS
 
Citrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCitrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdf
 
Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1
 
SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.
 

More from Dave Hay

Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
Dave Hay
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
Dave Hay
 

More from Dave Hay (6)

Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3
 
Dave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administrators
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

Suppressing http headers from web sphere application server

  • 1. Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
  • 2. The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
  • 3. This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
  • 4. This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
  • 5. How to set HTTP Headers - 1/2
  • 6. How to set HTTP Headers - 2/2 OR
  • 9. Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
  • 10. Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive