Feature #3710

Server name change

Added by Rafal Kupiec about 1 year ago. Updated 28 days ago.

Status:FixedStart date:2016-04-10
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:-
Target version:4.4

Description

Please implement the ability to change the way how tvh introduces itself. Thus, scanning ports, trying to connect should not give potential attacker the real software name and its version. Please at least implement this for HTTP protocol, do that services like shodan will stop recognizing tvh. It will be harder to find a server with tvh running.

Associated revisions

Revision 816fdb93
Added by Jaroslav Kysela about 1 month ago

http server: allow to change the 'Server:' header, fixes #3710

Revision e0a31ace
Added by Jaroslav Kysela about 1 month ago

http server: allow to configure the realm for HTTP authorization, fixes #3710

History

#1 Updated by Jaroslav Kysela about 1 year ago

  • Status changed from New to Rejected

Use --useragent configuration option..

#2 Updated by Jaroslav Kysela about 1 year ago

  • Status changed from Rejected to New

Oops. Sorry, it's for http client - not server.

#3 Updated by Rafal Kupiec about 1 year ago

Yep,

nginx has an option:

more_set_headers 'Server: XYZ';

and it will introduce itself as XYZ instead of nginx.
Would be nice to see such option in TVH too.

#4 Updated by Jaroslav Kysela about 1 year ago

  • Target version set to 4.4

#5 Updated by Rafal Kupiec 10 months ago

Really 4.4? Doesn't seem to be so time-consuming to implement this.
Many TVH installations can be found on Shodan. Having such option, everyone could change the way TVH introduces itself, thus trying to hide application from abusive users.

#6 Updated by Jaroslav Kysela about 1 month ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

#7 Updated by Pablo Rodríguez about 1 month ago

Is realm also modified?

WWW-Authenticate: Digest realm="tvheadend"

Shodan users still can see that...

#8 Updated by Rafal Kupiec about 1 month ago

It is not, its still asking for password as 'tvheadend' and we cannot modify it.
IMHO This feature request is not implements as expected.

#9 Updated by Jaroslav Kysela about 1 month ago

Fixed in v4.3-135-ge0a31ac .

#10 Updated by Mono Polimorph 28 days ago

Hi,

This change doesn't apply to the name advertized with the RTSP port (SAT>IP protocol).

Perhaps, it will be useful to use the configuration name also with this protocol.

Also available in: Atom PDF