[asterisk-bugs] [JIRA] (ASTERISK-24316) For httpd server, need option to define server name for security purposes

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Jul 27 10:26:20 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-24316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-24316:
-------------------------------------

    Target Release Version/s: 14.0.0

> For httpd server, need option to define server name for security purposes
> -------------------------------------------------------------------------
>
>                 Key: ASTERISK-24316
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24316
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>            Reporter: Andrew Nagy
>            Assignee: Ashley Sanders
>            Severity: Minor
>      Target Release: 13.2.0, 14.0.0
>
>
> For security reasons it would be nice if there was an option in http.conf that allowed us to override the Web Server name that is applied in the outgoing headers.
> Right now asterisk will proudly announce that is it Asterisk and it's version to the world. With more and more people using ARI and WebRTC this is bad practice as people can scour the internet to find compromised version of Asterisk pretty easily.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list