Add option to modify Cowboy server name returned in headers #2308

Merged
merged 4 commits into from
May 29, 2019

fenek
Member

@fenek fenek commented May 17, 2019

This PR adds cowboy_server_name config option, which sets the reported HTTP server name in response headers. It may be used for hardening MIM (by hiding Cowboy's identity).

  • Docs

@mongoose-im
Collaborator

mongoose-im commented May 17, 2019

6507.1 / Erlang 19.3 / small_tests / 72cb3aa
Reports root / small


6507.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 72cb3aa
Reports root/ big
OK: 469 / Failed: 0 / User-skipped: 8 / Auto-skipped: 0


6507.5 / Erlang 19.3 / ldap_mnesia / 72cb3aa
Reports root/ big
OK: 1209 / Failed: 1 / User-skipped: 105 / Auto-skipped: 0

sm_SUITE:parallel:subscription_requests_are_buffered_properly
{error,{{badmatch,false},
    [{escalus_session,stream_management,2,
              [{file,"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_session.erl"},
               {line,227}]},
     {escalus_connection,connection_step,2,
               [{file,"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_connection.erl"},
                {line,134}]},
     {lists,foldl,3,[{file,"lists.erl"},{line,1263}]},
     {escalus_connection,start,2,
               [{file,"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_connection.erl"},
                {line,118}]},
     {sm_SUITE,'-subscription_requests_are_buffered_properly/1-fun-3-',6,
           [{file,"sm_SUITE.erl"},{line,848}]},
     {escalus_story,story,4,
            [{file,"/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
             {line,72}]},
     {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1529}]},
     {test_server,run_test_case_eval1,6,
            [{file,"test_server.erl"},{line,1045}]}]}}


6507.3 / Erlang 19.3 / mysql_redis / 72cb3aa
Reports root/ big
OK: 3112 / Failed: 1 / User-skipped: 232 / Auto-skipped: 0

pubsub_SUITE:dag+collection:request_all_items_leaf_test
{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"alicE78.793971@localhost/res1">>,escalus_tcp,
          <0.11380.3>,
          [{event_manager,<0.11300.3>},
           {server,<<"localhost">>},
           {username,<<"alicE78.793971">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.11300.3>},
            {server,<<"localhost">>},
            {username,<<"alicE78.793971">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"alicE78.793971">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"alicE78.793971">>},
           {server,<<"localhost">>},
           {password,<<"matygrysa">>},
           {stream_id,<<"0394F8721ABFAE43">>}]},
        5000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {pubsub_tools,receive_response,3,
       [{file,"pubsub_tools.erl"},{line,457}]},
     {pubsub_tools,receive_and_check_response,4,
       [{file,"pubsub_tools.erl"},{line,448}]},
     {pubsub_SUITE,'-request_all_items_leaf_test/1-fun-0-',2,
       [{file,"pubsub_SUITE.erl"},{line,1519}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/defau...


6507.2 / Erlang 19.3 / internal_mnesia / 72cb3aa
Reports root/ big
OK: 1224 / Failed: 0 / User-skipped: 68 / Auto-skipped: 0


6507.4 / Erlang 19.3 / odbc_mssql_mnesia / 72cb3aa
Reports root/ big
OK: 3101 / Failed: 0 / User-skipped: 230 / Auto-skipped: 0


6507.8 / Erlang 20.0 / pgsql_mnesia / 72cb3aa
Reports root/ big / small
OK: 3133 / Failed: 0 / User-skipped: 198 / Auto-skipped: 0


6507.9 / Erlang 21.0 / riak_mnesia / 72cb3aa
Reports root/ big / small
OK: 1459 / Failed: 0 / User-skipped: 66 / Auto-skipped: 0

@codecov

codecov bot commented May 17, 2019

Codecov Report

Merging #2308 into master will increase coverage by 0.21%.
The diff coverage is 80%.

@@            Coverage Diff             @@
##           master    #2308      +/-   ##
==========================================
+ Coverage   78.73%   78.95%   +0.21%     
==========================================
  Files         334      334              
  Lines       29026    29033       +7     
==========================================
+ Hits        22855    22923      +68     
+ Misses       6171     6110      -61
Impacted Files Coverage Δ
src/config/mongoose_config_parser.erl 74.64% <100%> (+0.11%) ⬆️
src/ejabberd_cowboy.erl 88.77% <77.77%> (-1.45%) ⬇️
src/mongoose_tcp_listener.erl 73.68% <0%> (-5.27%) ⬇️
src/mam/mod_mam_muc_rdbms_async_pool_writer.erl 63.54% <0%> (-4.17%) ⬇️
src/mam/mod_mam_rdbms_prefs.erl 92.52% <0%> (-3.74%) ⬇️
src/rdbms/mongoose_rdbms.erl 69.38% <0%> (-2.56%) ⬇️
...bal_distrib/mod_global_distrib_hosts_refresher.erl 82.22% <0%> (-2.23%) ⬇️
src/pubsub/mod_pubsub_db_mnesia.erl 94.71% <0%> (-0.45%) ⬇️
src/ejabberd_c2s.erl 86.95% <0%> (-0.32%) ⬇️
src/mod_muc.erl 74.86% <0%> (-0.27%) ⬇️
... and 11 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update fcf1c1c...2a1cf68.

@mongoose-im
Collaborator

mongoose-im commented May 17, 2019

6508.1 / Erlang 19.3 / small_tests / 77fcd36
Reports root / small


6508.5 / Erlang 19.3 / ldap_mnesia / 77fcd36
Reports root/ big
OK: 1209 / Failed: 1 / User-skipped: 105 / Auto-skipped: 0

sm_SUITE:parallel:subscription_requests_are_buffered_properly


6508.6 / Erlang 19.3 / elasticsearch_and_cassandra_mnesia / 77fcd36
Reports root/ big
OK: 469 / Failed: 0 / User-skipped: 8 / Auto-skipped: 0


6508.3 / Erlang 19.3 / mysql_redis / 77fcd36
Reports root/ big
OK: 3099 / Failed: 0 / User-skipped: 232 / Auto-skipped: 0


6508.2 / Erlang 19.3 / internal_mnesia / 77fcd36
Reports root/ big
OK: 1246 / Failed: 1 / User-skipped: 68 / Auto-skipped: 0

sm_SUITE:parallel:subscription_requests_are_buffered_properly


6508.4 / Erlang 19.3 / odbc_mssql_mnesia / 77fcd36
Reports root/ big
OK: 3101 / Failed: 0 / User-skipped: 230 / Auto-skipped: 0


6508.8 / Erlang 20.0 / pgsql_mnesia / 77fcd36
Reports root/ big / small
OK: 3133 / Failed: 0 / User-skipped: 198 / Auto-skipped: 0


6508.9 / Erlang 21.0 / riak_mnesia / 77fcd36
Reports root/ big / small
OK: 1474 / Failed: 1 / User-skipped: 66 / Auto-skipped: 0

pubsub_SUITE:dag+basic:discover_nodes_test
{error,
  {timeout_when_waiting_for_stanza,
    [{escalus_client,wait_for_stanza,
       [{client,<<"alicE74.813452@localhost/res1">>,escalus_tcp,
          <0.12947.1>,
          [{event_manager,<0.12844.1>},
           {server,<<"localhost">>},
           {username,<<"alicE74.813452">>},
           {resource,<<"res1">>}],
          [{event_client,
             [{event_manager,<0.12844.1>},
            {server,<<"localhost">>},
            {username,<<"alicE74.813452">>},
            {resource,<<"res1">>}]},
           {resource,<<"res1">>},
           {username,<<"alicE74.813452">>},
           {server,<<"localhost">>},
           {host,<<"localhost">>},
           {port,5222},
           {auth,{escalus_auth,auth_plain}},
           {wspath,undefined},
           {username,<<"alicE74.813452">>},
           {server,<<"localhost">>},
           {password,<<"matygrysa">>},
           {stream_id,<<"C4F6A193D62B031D">>}]},
        5000],
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/escalus/src/escalus_client.erl"},
        {line,138}]},
     {pubsub_tools,receive_response,3,
       [{file,"pubsub_tools.erl"},{line,457}]},
     {pubsub_tools,receive_and_check_response,4,
       [{file,"pubsub_tools.erl"},{line,448}]},
     {pubsub_SUITE,'-discover_nodes_test/1-fun-0-',2,
       [{file,"pubsub_SUITE.erl"},{line,354}]},
     {escalus_story,story,4,
       [{file,
          "/home/travis/build/esl/MongooseIM/big_tests/_build/default/lib/es...

Contributor

@arcusfelis arcusfelis left a comment

code - good. docs - N/A

@fenek
Member Author

fenek commented May 22, 2019

Damn, forgot to push the commit docs. One moment...

@@ -351,6 +351,12 @@ There are some additional options that influence all database connections in the
* **Syntax:** `{replaced_wait_timeout, TimeInMilliseconds}`
* **Default:** `2000`

* **cowboy_server_name** (local)
* **Description:** If configured, replaces Cowboy's default name returned in `server` HTTP response header. It may be use for extra security, as it makes harder for the malicious user harder to learn what HTTP software is running under specific port. This option applies to **all** listeners started by `ejabberd_cowboy` module.
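Review bot: The Description of `cowboy_server_name` presents the option as "extra security" without saying how limited that is, and the sentence itself has slips ("may be use", "makes harder for the malicious user harder"). Suggest rewording it to state that the option only replaces the value of the `server` response header, which hides the banner but leaves the listener's other behaviour unchanged, so it complements keeping the HTTP stack up to date rather than standing in for it. The visible part of the entry also shows no Syntax or Default line, unlike the `replaced_wait_timeout` entry just above it; add them if they are not already further down.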
Contributor

* **Description:** If configured, replaces Cowboy's default name returned in the `server` HTTP response header. It may be used for extra security, as it makes it harder for the malicious user to learn what HTTP software is running under a specific port. This option applies to **all** listeners started by the `ejabberd_cowboy` module.

@arcusfelis arcusfelis merged commit 2f1fb1a into master May 29, 2019
@arcusfelis arcusfelis deleted the feature-cowboy-server-name branch May 29, 2019 11:42
@fenek fenek added this to the MongooseIM 3.3.0++ milestone Jun 18, 2019