Wowza Community

change/remove info about wowza server when scanning

hi,

is there any possibility to change/remove wowza server page when someone try to access on some port ?

I mean by example : “Wowza Media Server 3 Trial Edition (Expires: nov. 24, 2011) 3.0.2.02 build877”

from scan : “FlashCom 3.5.7 (Wowza Media Server 3 Trial Edition (Expires: nov. 24, 2011) 3.0.2.02 build877 http config)”

On my side I need to let tcp 80 opened to use rtmpt but if a user try from his browser to enter url, he will get message above :frowning:

so I would like to change it at least.

Thanks

NIcolas

Hi Nicolas,

This is set in conf/VHost.xml. Comment out the HTTPServerVersion HTTPProvider for the port you desire. By default this is enabled on ports 1935, 443, 8086, but not port 80.

I think this is Wowza user-agent in this case. I don’t think it is configurable

Richard

Or you can change the AuthenticationMethod of that HTTPProvider in the VHost.xml to “admin-basic” to require username and password, which you can provide like this:

http://username:password@[wowza-address]:1935

Richard

Sorry for bumping this old topic but:

I’ve removed the section and never found the version again :slight_smile: But, since recently i’ve found the versioning again (Server: FlashCom/3.5.7). I believe it came back after upgrading from 2.x to 3.x. The Vhost.xml does not contain the HTTPServerVersion (the section is completely removed).

HTTP request sent, awaiting response…

HTTP/1.0 200 OK

Content-type: text/xml

Access-Control-Allow-Origin: *

Content-Type: text/html

Connection: Keep-Alive

Server: FlashCom/3.5.7

Cache-Control: no-cache

Content-Length: 78

Length: 78 [text/xml]

Remote file exists.

Any idea?

Hi

I’m afraid you can’t remove the FlashCom version.

As far as I’m aware its always been there.

Jason

Now you mention it, this could be the case.

I think I was mistaking by the wowza version number you get if you put http://wowza-ip:1935 in your browser. That option can be disabled by the HTTPServerVersion.

Is there a way to make this more secure?

when I (or anybody else) perform a scan my Wowza server, it want it go give me a “forbidden” (403) or “not found” (404) by default. Any way to make this possible?

Thanks so far :slight_smile:

If you don’t want Wowza to listen on certain ports you can comment out the section in conf/VHost.xml. Or remave a particular port from the ports element. Or you can do something with your firewall.

Hi

I’m afraid you can’t remove the FlashCom version.

As far as I’m aware its always been there.

Jason

Hi Nicolas,

This is set in conf/VHost.xml. Comment out the HTTPServerVersion HTTPProvider for the port you desire. By default this is enabled on ports 1935, 443, 8086, but not port 80.

great, thanks

Nicolas