[OpenSIPS-Devel] [opensips] OpenSIPS leaks version (#417)
gremaudc
notifications at github.com
Tue Feb 24 08:36:55 CET 2015
OpenSIPS server leaks version and this information may help to conduct an attack. I propose to add a parameter in the configuration to control which information is displayed. For example, Apache has settings to manage this.
- ServerToken which can be set to Prod mod
- ServerSignature can be set to Off
- expose_php can be set to Off
This information can be easily found with a tool like nmap.
---
Reply to this email directly or view it on GitHub:
https://github.com/OpenSIPS/opensips/issues/417
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/devel/attachments/20150223/ad7ed9eb/attachment.htm>
More information about the Devel
mailing list