InformationWhen a resource is requested from the Web Connector via HTTP, the response contains headers with information about the server which generated the response.
This information can help an attacker to quickly identify which version you are running and consequently tune the attack attempts specifically for your software instance.
SolutionIn order to hide or mask these headers we can set up the web subsystem with the following:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="example.com" native="false">
<virtual-server name="example.com" enable-welcome-root="false">