Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set custom Http header "server" for Spring Boot applications

By default the HTTP "server" header for Spring Boot applications with embedded Tomcat is:

Server → Apache-Coyote/1.1

How can it in Spring Boot be achieved to use another (custom) "server" header?

For Tomcat itself, it can be configured at the <Connector> element in XML via the server attribute:

From https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html#Connectors :

The server attribute controls the value of the Server HTTP header. The default value of this header for Tomcat 4.1.x to 8.0.x is Apache-Coyote/1.1. This header can provide limited information to both legitimate clients and attackers.

But attackers will still know that this is a Tomcat server.

like image 707
Thomas Jäckle Avatar asked Oct 07 '15 14:10

Thomas Jäckle


1 Answers

You can set custom headers using the StaticHeadersWriter in your Security config, here's a Java config example:

public class SecurityConfig extends WebSecurityConfigurerAdapter {
  protected void configure(HttpSecurity http) throws Exception {
    http
      .headers()
        .addHeaderWriter(new StaticHeadersWriter("Server","here to serve you"))
      ....
  }
  ...
}
like image 118
ikumen Avatar answered Oct 13 '22 17:10

ikumen