Wowza Community

Change some HTTP Header parameters

Hi,

I’m trying to learn how to harden Wowza Streaming Engine from a security perspective.

There is one thing I could not find any solution for.

When a user or attacker monitors the received chunks or playlists, in the HTTP response header he will find the server name with the correct engine name and version:

Server:WowzaStreamingEngine/4.8.5

Is it possible to modify or change values from configurations to prevent detection?

You can write a custom Application module and override the Server parameter in the onHTTPSessionCreate method.

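package mypackage;

import com.wowza.wms.httpstreamer.model.IHTTPStreamerSession;
import com.wowza.wms.module.ModuleBase;

public class MyModule extends ModuleBase {
  // Called when an HTTP streaming session is created for this application
  public void onHTTPSessionCreate(IHTTPStreamerSession httpSession) {
    // Replace the default Server response header value
    httpSession.setUserHTTPHeader("Server", "ItsASecret");
  }
}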

Thank you, @Karel Boek-Senior Consultant.

Is it possible to add this code to the current “conf/vod/Application.xml”?

Any guide will be helpful, but for a non-programmer person.

@Mike Breiter, you must create a custom module and add the code above; then add the reference to the compiled version of the module to your Application.xml. For more information on how to create a custom module, see https://www.wowza.com/blog/building-modules-why-they-matter

If you want to hire someone to create that module for you, you can post a request in https://www.wowza.com/community/spaces/26/find-a-consultant.html
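
For reference, the module entry described in the reply above would look roughly like this in conf/vod/Application.xml. This is an added example, not part of the original posts: the Name and Description values are made up, and it assumes the class above was compiled into a jar (any file name) placed in the engine's lib folder, with the engine restarted afterwards.

```xml
<!-- Inside the existing <Application> element of conf/vod/Application.xml -->
<Modules>
  <!-- ... keep the module entries that are already listed here ... -->

  <!-- Added entry: Name and Description are free text (made up for this example);
       Class must match the package and class name of the compiled module -->
  <Module>
    <Name>MyModule</Name>
    <Description>Overrides the Server HTTP response header</Description>
    <Class>mypackage.MyModule</Class>
  </Module>
</Modules>
```

After the restart, requesting a playlist or chunk from the vod application and inspecting the response headers confirms whether the Server value is now the one set in the module.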