OpenSIPS server leaks version and this information may help to conduct an
attack. I propose to add a parameter in the configuration to control which
information is displayed. For example, Apache has settings to manage this.
- ServerToken which can be set to Prod mod
- ServerSignature can be set to Off
- expose_php can be set to Off
This information can be easily found with a tool like nmap.
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/417
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel