Feature #3710
Server name change
100%
Description
Please implement the ability to change the way how tvh introduces itself. Thus, scanning ports, trying to connect should not give potential attacker the real software name and its version. Please at least implement this for HTTP protocol, do that services like shodan will stop recognizing tvh. It will be harder to find a server with tvh running.
History
Updated by Jaroslav Kysela over 8 years ago
- Status changed from New to Rejected
Use --useragent configuration option..
Updated by Jaroslav Kysela over 8 years ago
- Status changed from Rejected to New
Oops. Sorry, it's for http client - not server.
Updated by Rafal Kupiec over 8 years ago
Yep,
nginx has an option:
more_set_headers 'Server: XYZ';
and it will introduce itself as XYZ instead of nginx.
Would be nice to see such option in TVH too.
Updated by Rafal Kupiec about 8 years ago
Really 4.4? Doesn't seem to be so time-consuming to implement this.
Many TVH installations can be found on Shodan. Having such option, everyone could change the way TVH introduces itself, thus trying to hide application from abusive users.
Updated by Jaroslav Kysela over 7 years ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset commit:tvheadend|816fdb93a2ff84769d5491b7fb0071d4c5f4386c.
Updated by Pablo R. over 7 years ago
Is realm also modified?
WWW-Authenticate: Digest realm="tvheadend"
Shodan users still can see that...
Updated by Rafal Kupiec over 7 years ago
It is not, its still asking for password as 'tvheadend' and we cannot modify it.
IMHO This feature request is not implements as expected.
Updated by Mono Polimorph over 7 years ago
Hi,
This change doesn't apply to the name advertized with the RTSP port (SAT>IP protocol).
Perhaps, it will be useful to use the configuration name also with this protocol.
Updated by Pablo R. over 6 years ago
I also see:
Location: extjs.html
on Shodan for tvheadend servers, is it possible to also hide this? Or is need for webui works or something?
Regards.