[OpenSIPS-Devel] [opensips] OpenSIPS leaks version (#417)

gremaudc Mon, 23 Feb 2015 23:37:55 -0800

OpenSIPS server leaks version and this information may help to conduct an 
attack. I propose to add a parameter in the configuration to control which 
information is displayed. For example, Apache has settings to manage this.


- ServerToken which can be set to Prod mod
- ServerSignature can be set to Off
- expose_php can be set to Off

This information can be easily found with a tool like nmap.

---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/417

_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel

[OpenSIPS-Devel] [opensips] OpenSIPS leaks version (#417)

Reply via email to