WebSphere Application Server & Liberty

 View Only
  • 1.  Server Signature

    Posted Fri September 15, 2023 11:44 AM

    Hi All,

    Due to Vulnerability issue, I want to disable the server signature in XML file of WebSphere Application that is on windows server, Pls help me with steps and XML steps also, thanks

    ravi pal

  • 2.  RE: Server Signature

    Posted Mon September 18, 2023 07:47 AM

    Hi ,

    Before making any change make sure to backup 

    1. Locate this file on your server where you intend to disable server signature  " C:\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\servers\<server_name>\server.xml" 
    2. Backup this file 
    3. edit this file and locate the <webContainer> Element "<webContainer invokeFlushAfterService="false" maxConnections="100" ..."
    4. append this value here "  suppressIBMExtensionHeader="true" " 
    5. This attribute, when set to "true" will suppress the IBM-specific server signature.
    6. save server.xml
    7. synch node & restart JVM's 

    This should then suppress IBM-Specific server signature from the application deployed on WAS 

    Please note that making changes to the server.xmk file can affect the behavior of your WebSphere Application Server, so proceed with caution and ensure you have a backup of the original configuration. Additionally, be aware that the exact paths and configuration details may vary depending on your specific installation and version of WebSphere Application Server.


    Shivraj Mudaliyar
    Associate Director | Enterprise Architecture
    Kyndryl Ireland

  • 3.  RE: Server Signature
    Best Answer

    IBM Champion
    Posted Tue September 19, 2023 02:32 AM
    Edited by Gabriel Marte Blanco Mon September 25, 2023 11:22 AM

    Hello Ravi,

    if you are talking about the server signature created by the WAS WebContainer @Shivraj M provided a solution (thanks for that).

    But if you are using an IBM HTTP Server with the WAS Plugin as an intermediary system before the WAS server you might need to set the `ServerTokens` and `ServerSignature` directived in the IHS configuration file. 

    Furthermore this link: https://garden114.blogspot.com/2020/06/websphere-how-to-disable-server-name.html seems to be a good summary of options as well. 

    Hermann Huebler
    2innovate IT Consulting GmbH