I am working with the ATG platform and cannot figure out how to hide or remove the section of the response header "X-ATG-Version: xxxxxxx". I am using JBoss and I have figured out how to remove the "X-powered-by" part of the header but no luck with the ATG part. I am trying to accomplish this for security purposes.
Asked
Active
Viewed 697 times
1 Answers
5
You are not saying which version of ATG you are running or whether you are hosting it behind a WebServer.
In the ATG Documentation it suggests that you can turn off the header in the HeadPipelineServlet using the addingAtgVersionHeader property. You can find the HeadPipelineServlet in the /atg/dynamo/servlet/pipeline/DynamoHandler component. When you do add this property, make sure you add it via the properties file and restart. Changing it in /dyn/admin does not make a difference.
Alternatively you can hide it in your Webserver Configuration. In Apache the following is sufficient:
Header unset X-ATG-Version
And it works reliably.
radimpe
- 3,197
- 2
- 27
- 46
-
Sorry, I am using ATG 9.1 and using JBoss application server. I am new to ATG and JBoss. I think the server configuration would be the way to go for me. However, I am not sure which .config or .xml file in JBoss to add the string you have listed above. – user2465337 Oct 08 '15 at 13:44
-
1The `Header unset X-ATG-Version` configuration is in Apache in the httpd.conf. Your best bet would then be to change it in the DynamoHandler.properties in your localconfig. – radimpe Oct 08 '15 at 20:56