RabbitMQ management console is revealing server details

Skip to first unread message

Ratul Bhattacharya

Feb 4, 2020, 10:57:50 AM2/4/20
to MochiWeb

We are using RabbitMQ in our application and its management console is running on MochiWeb server version 1.0

Server is exposing its name and version both as shown below. This can lead to "banner grabbing" kind of cyber attack. Is there a way to hide/mask the server details?

$ curl -v localhost:15672

> GET / HTTP/1.1

> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

> Host: localhost:15672

> Accept: */*


< HTTP/1.1 200 OK

< Content-Length: 1419

< Content-Type: text/html

< Date: Wed, 15 May 2019 14:02:46 GMT

< last-modified: Fri, 12 Apr 2019 09:22:08 GMT

< Server: MochiWeb/1.0 (Any of you quaids got a smint?)

Reply all
Reply to author
0 new messages