SlideShare una empresa de Scribd logo

Suppressing http headers from web sphere application server

Dave Hay
Dave Hay
Tecnología
1 de 10
Descargar para leer sin conexión
Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
How to set HTTP Headers - 1/2
How to set HTTP Headers - 2/2 OR
Example – Using ServerHeaderValue
Example – Using RemoveServerHeader
Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive

Recomendados

DevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoDevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoAmazon Web Services
 
How to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfHow to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfAmazon Web Services
 
Disaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSDisaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Service mesh(istio) monitoring
Service mesh(istio) monitoringService mesh(istio) monitoring
Service mesh(istio) monitoringJeong-Ho Na
 
MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바NeoClova
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵Amazon Web Services Korea
 
High Availability in Microsoft Azure
High Availability in Microsoft AzureHigh Availability in Microsoft Azure
High Availability in Microsoft AzureKrunal Trivedi
 

Recomendados

DevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoDevOps on AWS: DevOps Day San Francisco
DevOps on AWS: DevOps Day San FranciscoAmazon Web Services
 
How to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfHow to build a FullStack Airline Ticketing Web App.pdf
How to build a FullStack Airline Ticketing Web App.pdfAmazon Web Services
 
Disaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSDisaster Recovery of on-premises IT infrastructure with AWS
Disaster Recovery of on-premises IT infrastructure with AWSAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Service mesh(istio) monitoring
Service mesh(istio) monitoringService mesh(istio) monitoring
Service mesh(istio) monitoringJeong-Ho Na
 
MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바MariaDB 마이그레이션 - 네오클로바
MariaDB 마이그레이션 - 네오클로바NeoClova
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵Amazon Web Services Korea
 
High Availability in Microsoft Azure
High Availability in Microsoft AzureHigh Availability in Microsoft Azure
High Availability in Microsoft AzureKrunal Trivedi
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECSAmazon Web Services
 
Latent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkLatent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkSandy Ryza
 
AWS Route53
AWS Route53AWS Route53
AWS Route53zekeLabs Technologies
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxyBrendan Jennings
 
Cross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCihan Biyikoglu
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어Kyle(KY) Yang
 
DBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldDBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldKellyn Pot'Vin-Gorman
 
Intro to Azure Service Bus
Intro to Azure Service BusIntro to Azure Service Bus
Intro to Azure Service BusGeorge Grammatikos
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기Doyoon Kim
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Amazon Web Services Korea
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Stenio Ferreira
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with DockerMariaDB plc
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)Amazon Web Services Korea
 
AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)Reham Maher El-Safarini
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureGuy Barrette
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인Amazon Web Services Korea
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud ServicesKajal Kathrotiya
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introductionleo lapworth
 
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 AdvancedAmazon Web Services Korea
 
Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockoutsRichard Diver
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 

Más contenido relacionado

La actualidad más candente

Latent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkLatent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkSandy Ryza
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxyBrendan Jennings
 
Cross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCihan Biyikoglu
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어Kyle(KY) Yang
 
DBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldDBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldKellyn Pot'Vin-Gorman
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기Doyoon Kim
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Amazon Web Services Korea
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Stenio Ferreira
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with DockerMariaDB plc
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)Amazon Web Services Korea
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft AzureGuy Barrette
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인Amazon Web Services Korea
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introductionleo lapworth
 
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 AdvancedAmazon Web Services Korea
 

La actualidad más candente (20)

Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
 
Latent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with SparkLatent Semantic Analysis of Wikipedia with Spark
Latent Semantic Analysis of Wikipedia with Spark
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
 
Cross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis EnterpriseCross Data Center Replication with Redis using Redis Enterprise
Cross Data Center Replication with Redis using Redis Enterprise
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어AWS CloudFront 가속 및 DDoS 방어
AWS CloudFront 가속 및 DDoS 방어
 
DBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs WorldDBaaS- Database as a Service in a DBAs World
DBaaS- Database as a Service in a DBAs World
 
Intro to Azure Service Bus
Intro to Azure Service BusIntro to Azure Service Bus
Intro to Azure Service Bus
 
20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기20명 규모의 팀에서 Vault 사용하기
20명 규모의 팀에서 Vault 사용하기
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트
 
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
 
Getting started with MariaDB with Docker
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
 
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
9월 웨비나 - AWS에서의 네트워크 보안 (이경수 솔루션즈 아키텍트)
 
AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)AWS cloud adoption framework (caf)
AWS cloud adoption framework (caf)
 
Introduction to Microsoft Azure
Introduction to Microsoft AzureIntroduction to Microsoft Azure
Introduction to Microsoft Azure
 
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
오라클 DB를 AWS 데이터베이스로 마이그레이션 하기 - 윤기원 :: AWS Database Modernization Day 온라인
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud Services
 
AWS CDK introduction
AWS CDK introductionAWS CDK introduction
AWS CDK introduction
 
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
고급 클라우드 아키텍처 방법론- 양승도 솔루션즈 아키텍트:: AWS Cloud Track 2 Advanced
 

Destacado

Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockoutsRichard Diver
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileWASdev Community
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...Dave Hay
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CJohn Garland
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directorythoms1i
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Websphere Application Server v7
Websphere Application Server v7Websphere Application Server v7
Websphere Application Server v7Chris Sparshott
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Amazon Web Services
 

Destacado (12)

Active directory account lockouts
Active directory account lockoutsActive directory account lockouts
Active directory account lockouts
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
iPlanet Request Processing
iPlanet Request ProcessingiPlanet Request Processing
iPlanet Request Processing
 
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty ProfileAAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
AAI-3218 Production Deployment Best Practices for WebSphere Liberty Profile
 
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
IBM Connections and Desktop Single Sign-On using Microsoft Active Directory, ...
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
 
A Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2CA Developer's Introduction to Azure Active Directory B2C
A Developer's Introduction to Azure Active Directory B2C
 
Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory Services
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
 
Websphere Application Server v7
Websphere Application Server v7Websphere Application Server v7
Websphere Application Server v7
 
Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud Running Active Directory in the AWS Cloud
Running Active Directory in the AWS Cloud
 

Similar a Suppressing http headers from web sphere application server

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyAmit Aggarwal
 
AWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideAWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideManas Mondal
 
MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsSpiffy
 
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAmazon Web Services
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfssusere9bd3b
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSharon James
 
Maven 2 - more than a build tool
Maven 2 - more than a build toolMaven 2 - more than a build tool
Maven 2 - more than a build toolHarald Soevik
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXNGINX, Inc.
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...Timofey Turenko
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksAmazon Web Services
 
Citrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCitrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCCIEHOMER
 
Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Royal Cyber Inc.
 
SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWSAmazon Web Services
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Web Werks Data Centers
 

Similar a Suppressing http headers from web sphere application server (20)

Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse ProxyNginx A High Performance Load Balancer, Web Server & Reverse Proxy
Nginx A High Performance Load Balancer, Web Server & Reverse Proxy
 
AWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On GuideAWS Application Migration Service-Hands-On Guide
AWS Application Migration Service-Hands-On Guide
 
MS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applicationsMS Cloud Day - Deploying and monitoring windows azure applications
MS Cloud Day - Deploying and monitoring windows azure applications
 
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS CloudAWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
AWS Webcast - Deploying Remote Desktop Gateway on the AWS Cloud
 
Pixels_Camp
Pixels_CampPixels_Camp
Pixels_Camp
 
domain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdfdomain-routing-220627173025-41f4dc7e (1).pdf
domain-routing-220627173025-41f4dc7e (1).pdf
 
domain-routing.pptx
domain-routing.pptxdomain-routing.pptx
domain-routing.pptx
 
Sa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administratorsSa106 – practical solutions for connections administrators
Sa106 – practical solutions for connections administrators
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Maven 2 - more than a build tool
Maven 2 - more than a build toolMaven 2 - more than a build tool
Maven 2 - more than a build tool
 
Optimize
OptimizeOptimize
Optimize
 
Load Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINXLoad Balancing and Scaling with NGINX
Load Balancing and Scaling with NGINX
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015
 
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
DB proxy server test: run tests on tens of virtual machines with Jenkins, Vag...
 
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech TalksHow to Bring Microsoft Apps to AWS - AWS Online Tech Talks
How to Bring Microsoft Apps to AWS - AWS Online Tech Talks
 
VMware cloud on AWS
VMware cloud on AWSVMware cloud on AWS
VMware cloud on AWS
 
Citrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdfCitrix_1Y0-241_May_2023-v1.2.pdf
Citrix_1Y0-241_May_2023-v1.2.pdf
 
Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1Testing and deploying Hats Application on apache Geronimo Server 1.1
Testing and deploying Hats Application on apache Geronimo Server 1.1
 
SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS SRV320 Deep Dive on VMware Cloud on AWS
SRV320 Deep Dive on VMware Cloud on AWS
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.
 

Más de Dave Hay

Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Dave Hay
 
Dave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave Hay
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave Hay
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave Hay
 
Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Dave Hay
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with EverythingDave Hay
 

Más de Dave Hay (6)

Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3Installing web sphere application server v7 on red hat enterprise linux v6.3
Installing web sphere application server v7 on red hat enterprise linux v6.3
 
Dave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administratorsDave hay web sphere administration for domino administrators
Dave hay web sphere administration for domino administrators
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Dave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory worldDave hay desktop single sign-on in an active directory world
Dave hay desktop single sign-on in an active directory world
 
Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...Web sphere user group march 2012 - desktop single sign-on in an active dire...
Web sphere user group march 2012 - desktop single sign-on in an active dire...
 
“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything“Secure Portal” or WebSphere Portal – Security with Everything
“Secure Portal” or WebSphere Portal – Security with Everything
 

Último

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 

Último (20)

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Suppressing http headers from web sphere application server

  • 1. Suppressing HTTP Headers from WebSphere Application Server 18 December 2013 Version 0.5 Dave Hay IBM Software Services for WebSphere (ISSW) david_hay@uk.ibm.com +44 7802 918423
  • 2. The Problem ● Our client has identified a risk, in terms of providing too much information to a potential attacker, due to WebSphere Application Server (WAS) returning it's version string in the HTTP headers returned from a simple HTTPS request.
  • 3. This is what we see ● This is from IBM BPM Standard 7.5.1.1 ( Process Center )
  • 4. This is how we resolve it ● ● WAS includes the ability to override certain HTTP headers. Overrides include: ServerHeaderValue – Allows Server Header to be set to a custom string RemoveServerHeader – Allows Server Header to be completed removed ● This is documented in the Information Center ( see Bibliography )
  • 5. How to set HTTP Headers - 1/2
  • 6. How to set HTTP Headers - 2/2 OR
  • 9. Backup ● ● The same “risk” has been identified with IBM HTTP Server. This can be mitigated by adding: AddServerHeader Off ServerTokens Prod ServerSignature Off to the IHS httpd.conf file.
  • 10. Bibliography WAS 8.0 - Information Center - HTTP transport channel custom properties WAS 7.0 – Information Center - HTTP transport custom properties Apache Documentation - ServerSignature Directive Apache Documentation - ServerTokens Directive IHS Documentation - AddServerHeader Directive