Review Board 1.7.16

Testsuite: For httpd server, need option to define server name for security purposes

Review Request #4377 - Created Jan. 26, 2015 and submitted

Ashley Sanders
Currently, all responses from the Asterisk HTTP server contain a [Server] header that identifies Asterisk and its version (e.g. "Server:Asterisk/<version>", where <version> is the currently running version of Asterisk). The preferred behavior is to allow the user to configure an alternate name to use for the value returned in the [Server] header for HTTP responses (e.g. "Server:SomeSuperAwesomeServerName").

This patch to the Asterisk source provides a new configuration property, [servername], in http.conf, that gives users the ability to modify the value that Asterisk uses when identifying itself. 

This test verifies that the HTTP server correctly reports the expected name through the [Server] header field in all HTTP responses. It uses three instances of Asterisk to test the three possible logic paths:
1) No configuration was provided
2) A non-empty/non-null value was provided through the new configuration property [servername]
3) An empty/null value was provided through the new configuration property [servername]

For clarity, consider this example for the possible outcomes as described above, respectively:
1) There was nothing configured for [servername].
2) The user configured a non-empty value for [servername] (e.g. servername="JohnMcClane")
3) The user configured an empty/null value for [servername] (e.g. servername="")

The HTTP server is expected to create the [Server] header field as follows, respectively:
1) Server: Asterisk/<version>
2) Server: JohnMcClane

In case #3, the [Server] header field will be omitted from HTTP response headers.

***Note*** This is the test. It is only the test. You can find the review for the Asterisk source at:

Review request changed
Updated (Jan. 30, 2015, 11:29 a.m.)
  • changed from pending to submitted
Committed in revision 6363 runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to