[asterisk-bugs] [JIRA] (ASTERISK-24316) For httpd server, need option to define server name for security purposes

Ashley Sanders (JIRA) noreply at issues.asterisk.org
Fri Jan 30 10:55:34 CST 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-24316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ashley Sanders closed ASTERISK-24316.
-------------------------------------

    Resolution: Fixed

> For httpd server, need option to define server name for security purposes
> -------------------------------------------------------------------------
>
>                 Key: ASTERISK-24316
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24316
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>            Reporter: Andrew Nagy
>            Assignee: Ashley Sanders
>            Severity: Minor
>
> For security reasons it would be nice if there was an option in http.conf that allowed us to override the Web Server name that is applied in the outgoing headers.
> Right now asterisk will proudly announce that is it Asterisk and it's version to the world. With more and more people using ARI and WebRTC this is bad practice as people can scour the internet to find compromised version of Asterisk pretty easily.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list