Disabling X-Powered-By Flag in IBM Content Navigator on Standalone WebSphere Application Server

Question & Answer

Question

Our security team recently identified the presence of the "X-Powered-By" header in the response from IBM Content Navigator, raising concerns about potential web server fingerprinting. In an effort to address this, we followed the instructions outlined in the following link:

https://help.hcltechsw.com/unica/Interact/10.1.0/Installation/config_post_deployment/disabling_x-powered-by_flag_2.html

Despite implementing the provided steps, the "X-Powered-By" flag continued to persist in the response header.

Cause

It appears that the parameter value specified in the provided link was incorrect.

Answer

The correct setting to disable the "X-Powered-By" flag is as follows:

 com.ibm.ws.webcontainer.disablexPoweredBy=true

Kindly ensure that this parameter is set to "true" to successfully disable the "X-Powered-By" flag in IBM Content Navigator on your Standalone WebSphere Application Server.

[{"Type":"MASTER","Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"},"Business Unit":{"code":"BU056","label":"Miscellaneous"},"Product":{"code":"SSEUEX","label":"IBM Content Navigator"},"ARM Category":[{"code":"a8m0z0000001gtfAAA","label":"ICN-\u003ECore-\u003ESecurity Vulnerability"}],"ARM Case Number":"TS014756755","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Disabling X-Powered-By Flag in IBM Content Navigator on Standalone WebSphere Application Server

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?