[OpenSER-Devel] [ openser-Feature Requests-1832997 ] remove all but the explicitely allowed headers
SourceForge.net
noreply at sourceforge.net
Wed Jan 2 11:17:42 UTC 2008
Feature Requests item #1832997, was opened at 2007-11-16 09:33
Message generated for change (Comment added) made by klaus_darilion
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=1832997&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Klaus Darilion (klaus_darilion)
Assigned to: Nobody/Anonymous (nobody)
Summary: remove all but the explicitely allowed headers
Initial Comment:
This is useful if the proxy does not know which headers an upstream element will interpret and thus can't remove/screen this potential dangerous headers:
see also http://lists.openser.org/pipermail/users/2007-November/014437.html
Klaus Darilion writes:
> Maybe we need a remove_hf_except() function to strip all not explicitly
> allowed headers:
>
> remove_hf_except("From|To|Via|Record-Route|Contact|PAI|CSeq|???????")
>
> or something similar in result.
sounds like a good idea.
-- juha
----------------------------------------------------------------------
>Comment By: Klaus Darilion (klaus_darilion)
Date: 2008-01-02 12:17
Message:
Logged In: YES
user_id=1318360
Originator: YES
related with http://tracker.iptel.org/browse/SER-340
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=1832997&group_id=139143
More information about the Devel
mailing list