Configuring Jetty in Standalone ORDS

thatjeffsmith ORDS 0 Comments

Tell Others About This Story:

For all of my ORDS demos, I’m running it as a standalone process. There’s no Tomcat or Apache involved – and that’s OK. Your needs may require otherwise, and that’s OK too.

ORDS has a VERY flexible implementation model. We DO support standalone installs FWIW.

When running in a standalone configuration like this, ORDS’ HTTP(S) functionality is being delivered by an embedded Jetty web server. Jetty is an Eclipse project. Very cool stuff – used by LOTS of solutions out there.

Anyhow, a customer asked:

Hi,

Can we hide Jetty version in the header response ?
which is :

Server : Jetty(9.2.z-SNAPSHOT)

Or in other words, they’re not a big fan of THIS

What’s the big deal?

Security by obscurity – maybe you don’t want to advertise that you’re running Jetty.

Ok, so how do we make that go away?

Thankfully it’s pretty easy.

The ETC\JETTY XML Config File

In your ORDS-INSTALL-HOME\standalone directory, create a subdirectory ‘etc’

Then in THAT directory, create an jetty-http.xml file.

Then in THAT file, add these lines

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="sendServerVersion">false</Set>
</Configure>

Restart ORDS.

Refresh your ORDS request, check the response header.

Nothing to see here…

Cool? Cool.

There’s a TON of Jetty Config Options Available

Kris has talked about a few of them before. For example, this post on how to enable Access logs for Jetty pretty much told me HOW to do this post today.

Ok, so what else can I change?

You’ll want to take a look at the Jetty API docs. Here’s the interesting bits on controlling the response header.

Tell Others About This Story:

Leave a Reply

Your email address will not be published. Required fields are marked *