Review Board 1.7.16


Asterisk: For httpd server, need option to define server name for security purposes

Review Request #4374 - Created Jan. 26, 2015 and submitted

Ashley Sanders
branches/13
ASTERISK-24316
Reviewers
asterisk-dev
Asterisk
Currently, all responses from the Asterisk HTTP server contain a [Server] header that identifies Asterisk and its version (e.g. "Server:Asterisk/<version>", where <version> is the currently running version of Asterisk). The preferred behavior is to allow the user to configure an alternate name to use for the value returned in the [Server] header for HTTP responses (e.g. "Server:SomeSuperAwesomeServerName").

This patch provides a new configuration property, [servername], in http.conf, that gives users the ability to modify the value that Asterisk uses when identifying itself. 

By default, the new property is unused, which means that out-of-the-box, the HTTP server behaves just like it did prior to the patch. Requests to the HTTP server will generate responses with the old-style [Server] header (e.g. "Server:Asterisk/<version>", where <version> is the currently running version of Asterisk). To see the new behavior, you must add the configuration property, [servername] with some value (an empty value will work, also) to http.conf.

Whatever value the HTTP server is holding for the server name can now be seen through the httpstatus web page (http://<bindaddr>:<bindport>/<prefix>/httpstatus) (where [bindaddr], [bindport], and [prefix] are all values configured in http.conf) and the CLI command: http show status.

***Note*** This is just the patch to the Asterisk source. You can find the review for the Testsuite at: https://reviewboard.asterisk.org/r/4377/

 
Total:
14
Open:
0
Resolved:
13
Dropped:
1
Status:
From:
Description From Last Updated Status
Review request changed
Updated (Jan. 30, 2015, 12:20 p.m.)
  • changed from pending to submitted
Committed in revision 431505

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.