Check Tomcat Version Remotely: Web Interface and curl Methods

Mar 26, 2026

Cowrie

Dev @ Bswen

I was building a monitoring dashboard for our server infrastructure and needed to display Tomcat version information for each server. The problem? I didn’t have SSH access to all servers, and I couldn’t install agents on them either. What I did have was HTTP access to the Tomcat web interface on port 8080.

After some experimentation, I found two simple methods to check Tomcat version remotely—using a web browser or curl command.

The Problem

When you’re managing multiple Tomcat servers, you often need to verify versions for:

• Security patching - Checking if servers are running vulnerable versions
• Upgrade planning - Knowing which servers need updates
• Monitoring dashboards - Displaying version info alongside health metrics

But sometimes you don’t have SSH access. Maybe security policies restrict direct server access, or you’re working from a restricted network. You need an HTTP-based solution.

Method 1: Using the Web Interface

Tomcat displays its version prominently on the default homepage. When Tomcat is running and accessible, you can check the version by simply opening a browser.

Local Server

Navigate to:

Local Tomcat URL

http://localhost:8080

The page title shows the version immediately:

Browser tab or page title

Apache Tomcat/10.1.52

Remote Server

For remote servers, replace localhost with the server IP address:

Remote Tomcat URL

http://192.168.1.100:8080

The version appears in the same place—right in the page title.

I tried this on several servers in our infrastructure and it worked consistently. However, I hit a few issues along the way.

Problem: Connection Refused

On one server, I got a connection refused error. The issue was Tomcat wasn’t running:

Check if Tomcat is running

curl -s http://192.168.1.100:8080
curl: (7) Failed to connect to 192.168.1.100 port 8080: Connection refused

Fix: Start Tomcat or verify the service is running.

Problem: Timeout

Another server timed out completely. I checked the firewall rules and found port 8080 was blocked:

Check firewall rules (Ubuntu/Debian)

sudo ufw status

Fix: Open port 8080 in the firewall:

Allow port 8080

sudo ufw allow 8080/tcp

Problem: Different Port

Some teams configure Tomcat on non-standard ports. I found one server running on port 8081:

Custom port URL

http://192.168.1.100:8081

Always check your server.xml configuration if the default port doesn’t work.

Method 2: Using curl for Automation

While the web interface works for manual checks, I needed something scriptable for our monitoring system. That’s where curl comes in.

Basic curl Command

Check Tomcat version with curl

curl -s http://localhost:8080 | grep title

Output:

curl output with title

<title>Apache Tomcat/10.1.52</title>

The -s flag makes curl silent—no progress meter, just the page content.

Remote Server Check

Check remote Tomcat version

curl -s http://192.168.1.100:8080 | grep title

Output:

Remote curl output

<title>Apache Tomcat/10.1.52</title>

Extract Just the Version Number

For monitoring scripts, I needed just the version number without the HTML tags:

Extract version number only

curl -s http://localhost:8080 | grep -oP 'Apache Tomcat/\K[0-9.]+'

Output:

Clean version output

10.1.52

This uses a Perl-compatible regex (-P) with a positive lookbehind (\K) to extract only the version digits.

Integration into Monitoring Scripts

Here’s how I integrated version checking into a monitoring script:

monitor-tomcat-version.sh

#!/bin/bash

# Tomcat server list
SERVERS=("192.168.1.100" "192.168.1.101" "192.168.1.102")
PORT="8080"

echo "=== Tomcat Version Check ==="
echo ""

for SERVER in "${SERVERS[@]}"; do
    VERSION=$(curl -s --connect-timeout 5 "http://${SERVER}:${PORT}" | grep -oP 'Apache Tomcat/\K[0-9.]+')

    if [ -z "$VERSION" ]; then
        echo "${SERVER}: UNREACHABLE"
    else
        echo "${SERVER}: Tomcat ${VERSION}"
    fi
done

Sample output:

Monitoring script output

=== Tomcat Version Check ===

192.168.1.100: Tomcat 10.1.52
192.168.1.101: Tomcat 10.0.27
192.168.1.102: UNREACHABLE

The --connect-timeout 5 flag ensures the script doesn’t hang on unreachable servers.

Common Mistakes I Made

Mistake 1: Using localhost on Remote Servers

I initially tried:

Wrong approach

ssh [email protected] "curl http://localhost:8080 | grep title"

This defeats the purpose—it requires SSH access. The whole point is to check remotely without SSH.

Correct approach:

Correct remote check

curl -s http://192.168.1.100:8080 | grep title

Mistake 2: Forgetting HTTPS

Some production servers use HTTPS with a self-signed certificate. My curl command failed with:

SSL certificate error

curl: (60) SSL certificate problem: self signed certificate

Fix: Use -k flag to skip certificate verification:

Skip SSL verification

curl -sk https://192.168.1.100:8443 | grep title

Mistake 3: Assuming Port 8080

I wrote a script assuming all Tomcat servers use port 8080. Then I encountered servers on ports 8081, 8180, and even 80.

Always make the port configurable:

Configurable port

PORT=${TOMCAT_PORT:-8080}
curl -s "http://${SERVER}:${PORT}" | grep title

Security Considerations

Exposing the Tomcat version publicly is a security risk. Attackers can use version information to target known vulnerabilities.

Hiding the Version

You can modify server.xml to customize the server info:

server.xml

<Connector port="8080" protocol="HTTP/1.1"
           server="WebServer" />

After this change, the title shows:

Modified server info

<title>WebServer</title>

However, this means my version checking method won’t work either. For internal monitoring, this is acceptable—you control both sides.

Restricting Access

A better approach is restricting who can access the homepage:

• Configure firewall rules to allow only monitoring systems
• Use Tomcat’s RemoteAddrValve to restrict by IP
• Remove or secure the ROOT web application

When This Method Works Best

This HTTP-based approach is ideal for:

• Monitoring dashboards - Quick health checks from monitoring tools
• CI/CD pipelines - Verify deployments without SSH
• Container environments - Check version via exposed port
• Restricted networks - When SSH isn’t available

When this method doesn’t work:

• Tomcat not running - Server must be up and accessible
• Firewall blocking - Port 8080 must be open
• Custom homepage - If ROOT app is replaced, version may not display
• Security hardening - Version info may be hidden

Alternative: Using the Manager App

If you have Tomcat Manager installed (and credentials), you can also check the version through the manager interface:

Check via Manager app

curl -s -u admin:password http://localhost:8080/manager/serverinfo

This provides more detailed information but requires authentication setup.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags:

• devops
• backend
• career

ChatGPT 5.4 Pro vs Claude Opus 4.6: Which AI Fits Your Workflow?

How to Implement Tool Calling with Confidence Levels in Spring AI