Remove Header "Server: Apache-Coyote/1.1" From CA Test Data Manager Portal

Document ID : KB000074755
Last Modified Date : 23/03/2018
Introduction:
Security policies frequently require that the "Server" header be removed from all responses returned by the TDM Portal. This article describes what can be done about it.
Background:
When a web server discloses identifying information about itself, this is regarded as a security risk: it gives a malicious actor additional detail about the software in use, which can narrow down the attack vectors worth trying.
Instructions:
The Server header cannot be removed from TDM Portal responses, but its value can be overridden so that the Tomcat default is no longer disclosed. This is a limitation of Tomcat, not of the Portal: the Connector's server attribute replaces the header value but does not suppress the header. See the Tomcat Configuration Reference (HTTP Connector, server attribute) for details.

To override the value, do the following:
  1. Stop the CA Test Data Manager Portal service
  2. Open the server.xml in your favorite text editor.
    The default location is C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf
  3. Add a 'server="[value]"' setting to all enabled connectors within the file (see example below). The override is per connector: any active connector left without the attribute will still send the default value. Choose a value that does not reveal the product or its version.
  4. Restart the CA Test Data Manager Portal service
Default connector entry:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="${tdmweb.keystorePath}" keystorePass="${tdmweb.keystorePassword}" keyAlias="${tdmweb.keyAlias}" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" connectionTimeout="60000"/>

Modified connector entry:
<Connector port="8443" server="TDM Portal" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="${tdmweb.keystorePath}" keystorePass="${tdmweb.keystorePassword}" keyAlias="${tdmweb.keyAlias}" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" connectionTimeout="60000"/>
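Because the override is applied per connector, it is easy to harden one connector and miss another. The script below is an added example, not part of this article or of the TDM Portal product: it parses a server.xml, lists every enabled Connector (commented-out connectors are skipped by the XML parser, matching step 3's "enabled" qualifier) and flags those that would still send the Tomcat default. The embedded server.xml is a constructed sample; the ${tdmweb.*} placeholders are copied from the article and are left unresolved, which is fine for an attribute audit.

```python
"""Audit a Tomcat server.xml for Connector elements that still send the
default Server header.

Added example for illustration only; not from the CA knowledge-base article
or the TDM Portal product. Run with no arguments to audit the constructed
sample, or pass the path to a real server.xml, e.g.
  python audit_server_header.py "C:\\Program Files\\CA\\CA Test Data Manager Portal\\tomcat\\conf\\server.xml"
"""
import sys
import xml.etree.ElementTree as ET

# Default Server header value of Tomcat releases up to 8.0.x (see the article).
TOMCAT_DEFAULT_SERVER = "Apache-Coyote/1.1"

# Constructed sample server.xml: one connector hardened, one still at the
# default, and one commented out (not enabled, so it must be ignored).
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" server="TDM Portal" protocol="HTTP/1.1"
               SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLSv1.2"
               keystoreFile="${tdmweb.keystorePath}"
               keystorePass="${tdmweb.keystorePassword}"
               connectionTimeout="60000"/>
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <!--
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    -->
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml_text):
    """Return one (port, protocol, server_value, ok) tuple per enabled Connector.

    ok is False when the connector has no server attribute, or explicitly
    sets it to the Tomcat default, because either way the response would
    still carry "Server: Apache-Coyote/1.1". ElementTree drops XML comments,
    so connectors that are commented out never appear here.
    """
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        server_value = conn.get("server")
        ok = server_value is not None and server_value != TOMCAT_DEFAULT_SERVER
        findings.append((conn.get("port"), conn.get("protocol"), server_value, ok))
    return findings


def unhardened_ports(server_xml_text):
    """Ports of enabled connectors that still expose the default Server header."""
    return [port for port, _proto, _value, ok in audit_connectors(server_xml_text) if not ok]


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_SERVER_XML
    for port, proto, value, ok in audit_connectors(xml_text):
        status = "ok" if ok else "DEFAULT HEADER"
        print(f"port={port} protocol={proto} server={value!r}: {status}")
    return 1 if unhardened_ports(xml_text) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when any enabled connector is missing the attribute, so it can be run as a post-change check before step 4. After the restart, confirm the result from a client as well, for example with curl -I against the Portal URL (add -k if the Portal uses a self-signed certificate): the response should show the overridden value in the Server header.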
Additional Information:
TDM Portal is based on Apache Tomcat. Tomcat releases from 4.1.x through 8.0.x send "Server: Apache-Coyote/1.1" by default; Tomcat 8.5.x and 9.0.x no longer send a Server header at all unless the server attribute is set. The default value discloses only that the server is Tomcat, not which version, so on its own it provides limited information to a potential attacker.

Tomcat Configuration Reference