CODEWITHSUNDEEP
javajetty
Jay
Jay

Reputation: 20126

Remove the HTTP Server header in Jetty 9

This is how you hide the server version in Jetty 8:

Server server = new Server(port);
server.setSendServerVersion(false);

How do you do it in Jetty 9? So now it should look something like this?

HttpConfiguration config = new HttpConfiguration();
config.setSendServerVersion(false);
//TODO: Associate config with server???
Server server = new Server(port);

Upvotes: 26

Views: 29501

Answers (7)

宏杰李
宏杰李

Reputation: 12158

in jetty9.2, change this config to false in start.ini

# should jetty send the server version header?
jetty.send.server.version=true

Upvotes: 0

Krzysztof Tomaszewski
Krzysztof Tomaszewski

Reputation: 1144

Lambda-style variant of Jacob's solution (which worked for me):

final Server server = new Server(port);
Stream.of(server.getConnectors()).flatMap(connector -> connector.getConnectionFactories().stream())
            .filter(connFactory -> connFactory instanceof HttpConnectionFactory)
            .forEach(httpConnFactory -> ((HttpConnectionFactory)httpConnFactory).getHttpConfiguration().setSendServerVersion(false));

Upvotes: 3

djschny
djschny

Reputation: 689

In Jetty 9, you need to configure it on HttpConfiguration:

HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSendServerVersion( false );
HttpConnectionFactory httpFactory = new HttpConnectionFactory( httpConfig );
ServerConnector httpConnector = new ServerConnector( server,httpFactory );
server.setConnectors( new Connector[] { httpConnector } );

Upvotes: 37

Tarator
Tarator

Reputation: 1525

If you use jetty9 as a standalone server you can disable the server signature by setting jetty.httpConfig.sendServerVersion=false in the file start.ini.

Upvotes: 11

EricJ
EricJ

Reputation: 96

Some security analysis software will flag sending the server version in the response header as an issue.

OP was looking for solution for embedded, but if your Jetty deployment uses the server.ini file, you can simply set jetty.send.server.version=false

Upvotes: 1

Jay
Jay

Reputation: 20126

If worked out some code that seems to work. Not sure if its right, but at least it works (:

Server server = new Server(port);
for(Connector y : server.getConnectors()) {
    for(ConnectionFactory x  : y.getConnectionFactories()) {
        if(x instanceof HttpConnectionFactory) {
            ((HttpConnectionFactory)x).getHttpConfiguration().setSendServerVersion(false);
        }
    }
}

Upvotes: 29

jesse mcconnell
jesse mcconnell

Reputation: 7182

There is now an HttpConfiguration object with that setting on it.

org.eclipse.jetty.server.HttpConfiguration

Look to the jetty.xml for the section on http configuration section showing how to setup the object and then the jetty-http.xml file which shows how that configuration is used. Remember that the jetty xml files are really just a thin skin over java and work basically the same.

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/config/etc/jetty.xml

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/config/etc/jetty-http.xml

Upvotes: 2

Related Questions