For all of my ORDS demos, I’m running it as a standalone process. There’s no Tomcat or Apache involved – and that’s OK. Your needs may require otherwise, and that’s OK too.

ORDS has a VERY flexible implementation model. We DO support standalone installs FWIW.

When running in a standalone configuration like this, ORDS’ HTTP(S) functionality is being delivered by an embedded Jetty web server. Jetty is an Eclipse project. Very cool stuff – used by LOTS of solutions out there.

Anyhow, a customer asked:

Hi,

Can we hide Jetty version in the header response ?
which is :

Server : Jetty(9.2.z-SNAPSHOT)

Or in other words, they’re not a big fan of THIS

What’s the big deal?

Security by obscurity – maybe you don’t want to advertise that you’re running Jetty.

Ok, so how do we make that go away?

Thankfully it’s pretty easy.

The ETC\JETTY XML Config File

In your ORDS-INSTALL-HOME\standalone directory, create a subdirectory ‘etc’

Then in THAT directory, create an jetty-http.xml file.

Then in THAT file, add these lines

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="sendServerVersion">false</Set>
</Configure>

Restart ORDS.

Refresh your ORDS request, check the response header.

Nothing to see here…

Cool? Cool.

There’s a TON of Jetty Config Options Available

Kris has talked about a few of them before. For example, this post on how to enable Access logs for Jetty pretty much told me HOW to do this post today.

Ok, so what else can I change?

You’ll want to take a look at the Jetty API docs. Here’s the interesting bits on controlling the response header.

Author

I'm a Distinguished Product Manager at Oracle. My mission is to help you and your company be more efficient with our database tools.

9 Comments

  1. soumya sundar das Reply

    Hi jeff,

    I am using nssm tool(https://nssm.cc/download) and created a service in windows to startup/shutdown the ords service.
    Now I am looking for a way out to capture the output which is observed once you start the ords
    e.g java -jar D:\ords21.2\ords.war standalone

    Is there anyway i can capture this using any options or anything?

    Would really appreciate if you could help me on this.

  2. Jeff,

    With ORDS 22.1 we no longer have a ORDS-INSTALL-HOME\standalone by default when running ORDS in standalone mode…

    I’ve not played around with this yet with ORDS 22.1… Should we be adding a \standalone\etc directory to our ORDS-INSTALL-HOME?

    Also, correct me if I’m wrong, but wouldn’t this really go into the ORDS-CONFIGURATION-HOME and not the ORDS-INSTALL-HOME?

    Thanks!

  3. Ankush Srivastava Reply

    Hello Jeff,

    We were planning to deploy ORDS on Production with the embedded jetty option as our other internal java apps for our project are not on Tomcat/Weblogic.
    Do you think standalone is good to go ahead with in this case?
    Please can you specify any disadvantages as I am not able to find it anywhere. Thanks.

    • Not having the features of Tomcat, logging/config/authentication tie in features come to mind. You can get a lot of this from Jetty, but Tomcat makes it much easier.

Write A Comment