[asterisk-dev] [Code Review] 4377: Testsuite: For httpd server, need option to define server name for security purposes
wdoekes
reviewboard at asterisk.org
Tue Jan 27 01:46:47 CST 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4377/#review14306
-----------------------------------------------------------
> 1) Server: Asterisk/<version
> 2) Server: JohnMcClane
> 3) Server:
Any particular reason why we don't simply omit the header in the third case?
The ABNF at 14.38 here [1] says:
Server = "Server" ":" 1*( product | comment )
that is, one or more, not zero or more
[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
- wdoekes
On Jan. 27, 2015, 3:27 a.m., Ashley Sanders wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4377/
> -----------------------------------------------------------
>
> (Updated Jan. 27, 2015, 3:27 a.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-24316
> https://issues.asterisk.org/jira/browse/ASTERISK-24316
>
>
> Repository: testsuite
>
>
> Description
> -------
>
> Currently, all responses from the Asterisk HTTP server contain a [Server] header that identifies Asterisk and its version (e.g. "Server:Asterisk/<version>", where <version> is the currently running version of Asterisk). The preferred behavior is to allow the user to configure an alternate name to use for the value returned in the [Server] header for HTTP responses (e.g. "Server:SomeSuperAwesomeServerName").
>
> This patch to the Asterisk source provides a new configuration property, [servername], in http.conf, that gives users the ability to modify the value that Asterisk uses when identifying itself.
>
> This test verifies that the HTTP server correctly reports the expected name through the [Server] header in all HTTP responses. It uses three instances of Asterisk to test the three possible logic paths:
> 1) No configuration was provided
> 2) A non-empty/non-null value was provided through the new configuration property [servername]
> 3) An empty/null value was provided through the new configuration property [servername]
>
> For clarity, consider this example for the possible outcomes as described above, respectively:
> 1) There was nothing configured for [servername].
> 2) The user configured a non-empty value for [servername] (e.g. servername="JohnMcClane")
> 3) The user configured an empty/null value for [servername] (e.g. servername="")
>
> The HTTP server is expected to create the [Server] header as follows, respectively:
> 1) Server: Asterisk/<version
> 2) Server: JohnMcClane
> 3) Server:
>
> ***Note*** This is the test. It is only the test. You can find the review for the Asterisk source at: https://reviewboard.asterisk.org/r/4374/
>
>
> Diffs
> -----
>
> ./asterisk/trunk/tests/tests.yaml 6339
> ./asterisk/trunk/tests/http_server/tests.yaml PRE-CREATION
> ./asterisk/trunk/tests/http_server/servername/test-config.yaml PRE-CREATION
> ./asterisk/trunk/tests/http_server/servername/run-test PRE-CREATION
> ./asterisk/trunk/tests/http_server/servername/configs/ast3/http.conf PRE-CREATION
> ./asterisk/trunk/tests/http_server/servername/configs/ast2/http.conf PRE-CREATION
> ./asterisk/trunk/tests/http_server/servername/configs/ast1/http.conf PRE-CREATION
>
> Diff: https://reviewboard.asterisk.org/r/4377/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Ashley Sanders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150127/53844fc7/attachment-0001.html>
More information about the asterisk-dev
mailing list