Admin Page Feature Request

In the age of information awareness and increased security, it became a standard rule to not allow people to do information gathering on your system (at least, as much as possible). I would like it if the HTTP server headers for the admin pages did not give out the OS and Java release information; or at least an option to disable/change it. So instead of:

Server: Jetty/5.1.x (Linux/2.6.18-3-amd64 amd64 java/1.5.0_10

(Which by the way dosnt have a closing parenthesis on it)

Something like this:

Server: Jetty

(Or just leave it off entirely)

Hi Jay,

well, the xmpp iq packets to query local time and os are even worse. I use a reverse proxy in front of my web servers which filters out the server header of them but using a privacy list to disable the iq packets is not so cool.


should do it in Wildfire’'s source code.


Hey guys,

Thanks for the bug/improvement report. I filed JM-946 for this issue and will check in a fix (once I have permission again on SVN).


– Gato

Ick- I didnt know about the iq packets for os (time is ok, that can be determined in so many ways I expect an outsider to be able to figure out what my clock says)

There should be a way to prevent this too (tack it all into the security page or something)