It’s important to hide the version of Tomcat that is being used to ensure the baddies are unsure!

Create a new set of directories under the Tomcat lib directory:

mkdir -p /opt/apache/tomcat/lib/org/apache/catalina/util

Then create a new file under the newly created util directory called ServerInfo.properties, and copy the below into it:

server.info=

The server.info property takes a string, but it’s better to have no information on version at all, so the above hides it completely.

Then restart Tomcat, and if you enter a bad request the version will not be included.