Posted to notifications@apisix.apache.org by me...@apache.org on 2020/11/06 16:04:36 UTC
[apisix] branch master updated: feat: hide APISIX version from
Server header. (#2639)
This is an automated email from the ASF dual-hosted git repository.
membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 1883554 feat: hide APISIX version from Server header. (#2639)
1883554 is described below
commit 188355494d8fabad867c216ef4b423d25e94ce89
Author: Alex Zhang <zc...@gmail.com>
AuthorDate: Sat Nov 7 00:04:28 2020 +0800
feat: hide APISIX version from Server header. (#2639)
Exposing the version is sometimes dangerous: malicious crackers can take
advantage of it when that version has security bugs.
---
apisix/init.lua | 4 +++
conf/config-default.yaml | 3 ++
t/core/utils.t | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 92 insertions(+)
diff --git a/apisix/init.lua b/apisix/init.lua
index 46c830e..b2a795f 100644
--- a/apisix/init.lua
+++ b/apisix/init.lua
@@ -117,6 +117,10 @@ function _M.http_init_worker()
lru_resolved_domain = core.lrucache.new({
ttl = dns_resolver_valid, count = 512, invalid_stale = true,
})
+
+ if local_conf.apisix and local_conf.apisix.enable_server_tokens == false then
+ ver_header = "APISIX"
+ end
end
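Review bot: The check added to `http_init_worker` hides the version only when `enable_server_tokens` is the boolean `false`, so a value such as the quoted string `"false"` is silently treated as enabled and the version stays in the Server header. Because this is a hardening switch, I would say so next to the check, e.g. `-- only an explicit boolean false hides the version; a missing key or any other value keeps it`, and consider logging a warning when the key is set to a non-boolean. `ver_header` is declared outside this hunk; it is presumably a file-level local, otherwise this assignment would create a global. The function body also starts outside the hunk.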
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 768ff08..7ec3915 100644
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -39,6 +39,9 @@ apisix:
# enable_tcp_pp: true # Enable the proxy protocol for tcp proxy, it works for stream_proxy.tcp option
# enable_tcp_pp_to_upstream: true # Enables the proxy protocol to the upstream server
+ enable_server_tokens: true # Whether the APISIX version number should be shown in Server header.
+ # It's enabled by default.
+
proxy_cache: # Proxy Caching configuration
cache_ttl: 10s # The default caching time if the upstream does not specify the cache time
zones: # The parameters of a cache
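Review bot: The comment on `enable_server_tokens` does not say what is still disclosed when the option is `false`. Going by TEST 5 in this commit, the response still carries `Server: APISIX`, and the upstream's own Server header is forwarded next to it (`Server: openresty` in the test), so an upstream that reports its version remains identifiable. I would extend the comment along the lines of `# false removes only the APISIX version; the product name and any Server header sent by the upstream are still returned.`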
diff --git a/t/core/utils.t b/t/core/utils.t
index 817db25..6fb4240 100644
--- a/t/core/utils.t
+++ b/t/core/utils.t
@@ -115,3 +115,88 @@ resolvers: ["8.8.8.8","114.114.114.114"]
qr/"address":.+,"name":"github.com"/
--- no_error_log
[error]
+
+
+
+=== TEST 5: enable_server_tokens false
+--- yaml_config
+apisix:
+ node_listen: 1984
+ enable_server_tokens: false
+ admin_key: null
+
+--- config
+location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ ngx.say("failed")
+ return
+ end
+
+ do
+ local sock = ngx.socket.tcp()
+
+ sock:settimeout(2000)
+
+ local ok, err = sock:connect("127.0.0.1", 1984)
+ if not ok then
+ ngx.say("failed to connect: ", err)
+ return
+ end
+
+ ngx.say("connected: ", ok)
+
+ local req = "GET /hello HTTP/1.0\r\nHost: www.test.com\r\nConnection: close\r\n\r\n"
+ local bytes, err = sock:send(req)
+ if not bytes then
+ ngx.say("failed to send http request: ", err)
+ return
+ end
+
+ ngx.say("sent http request: ", bytes, " bytes.")
+
+ while true do
+ local line, err = sock:receive()
+ if not line then
+ -- ngx.say("failed to receive response status line: ", err)
+ break
+ end
+
+ ngx.say("received: ", line)
+ end
+
+ local ok, err = sock:close()
+ ngx.say("close: ", ok, " ", err)
+ end -- do
+ }
+}
+--- request
+GET /t
+--- response_body eval
+qr{connected: 1
+sent http request: 62 bytes.
+received: HTTP/1.1 200 OK
+received: Content-Type: text/plain
+received: Content-Length: 12
+received: Connection: close
+received: Server: APISIX
+received: Server: openresty
+received: \nreceived: hello world
+close: 1 nil}
+--- no_error_log
+[error]
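Review bot: In the receive loop of TEST 5, every `sock:receive()` failure ends the loop silently because the diagnostic `ngx.say` is commented out, so a timeout or reset in the middle of the response shows up only as a mismatch against `response_body`. Reporting anything other than the normal end of the connection would make such failures readable, e.g. `if err ~= "closed" then ngx.say("failed to receive: ", err) end` before the `break`. Separately, nothing in this hunk covers the default case; a companion test that asserts the versioned header when the key is absent or `true` would pin the other side of the switch.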