WebSphere Application Server & Liberty

 View Only
  • 1.  Server Signature

    Posted 12 days ago

    Hi All,

    Due to Vulnerability issue, I want to disable the server signature in XML file of WebSphere Application that is on windows server, Pls help me with steps and XML steps also, thanks

    ravi pal

  • 2.  RE: Server Signature

    Posted 9 days ago

    Hi ,

    Before making any change make sure to backup 

    1. Locate this file on your server where you intend to disable server signature  " C:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\servers\<server_name>\server.xml" 
    2. Backup this file 
    3. edit this file and locate the <webContainer> Element "<webContainer invokeFlushAfterService="false" maxConnections="100" ..."
    4. append this value here "  suppressIBMExtensionHeader="true" " 
    5. This attribute, when set to "true" will suppress the IBM-specific server signature.
    6. save server.xml
    7. synch node & restart JVM's 

    This should then suppress IBM-Specific server signature from the application deployed on WAS 

    Please note that making changes to the server.xmk file can affect the behavior of your WebSphere Application Server, so proceed with caution and ensure you have a backup of the original configuration. Additionally, be aware that the exact paths and configuration details may vary depending on your specific installation and version of WebSphere Application Server.


    Shivraj Mudaliyar
    Associate Director | Enterprise Architecture
    Kyndryl Ireland

  • 3.  RE: Server Signature
    Best Answer

    IBM Champion
    Posted 9 days ago
    Edited by Gabriel Marte Blanco 2 days ago

    Hello Ravi,

    if you are talking about the server signature created by the WAS WebContainer @Shivraj M provided a solution (thanks for that).

    But if you are using an IBM HTTP Server with the WAS Plugin as an intermediary system before the WAS server you might need to set the `ServerTokens` and `ServerSignature` directived in the IHS configuration file. 

    Furthermore this link: https://garden114.blogspot.com/2020/06/websphere-how-to-disable-server-name.html seems to be a good summary of options as well. 

    Hermann Huebler
    2innovate IT Consulting GmbH