httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Schlossnagle" <geo...@mail.communityconnect.com>
Subject Re: Better privacy with SERVER_SIGNATURE
Date Tue, 16 Oct 2001 17:20:08 GMT
+1 on Dirk's idea.

----- Original Message -----
From: "Dirk-Willem van Gulik" <dirkx@covalent.net>
To: <dev@httpd.apache.org>
Sent: Tuesday, October 16, 2001 12:18 PM
Subject: Re: Better privacy with SERVER_SIGNATURE


>
> > instead. Currently we have
> >    ServerSignature Off|On|EMail
> > but we would need an additional degree of configurability, like:
> >    ServerSignature Off|Short|ShortWithEMail|Long|LongWithEMail
> > where On == Long and EMail == LongWithEMail, or two words
> >    ServerSignature Empty|Short|Long  NoMailtoLink|AddMailtoLink
> > (just an example. Imply backward compatible keywords)
> >
> > Which solution do you prefer:
> > a) automatic coupling with ServerTokens?
> > b) Separate configuration by new keywords for ServerSignature?
>      (with default to coupling to ServerTokens)
>
> Or add another one:
>
> ServerString "AnythingGoes/1.0"
> ServerString "Apache/1.3 (Patched 2001-10-02)"
> or
> # %P Product name (Apache)
> # %m Major version no (1)
> # %n Minor version no (3)
> # %o Release version no (22-dev)
> # %e Admin email
> # %s Operating system...
> #
> ServerSignature "%P/%m.%n"
>
> I've found myself hacking the core more than once to make apache appear as
> something with a different version - or to lie about the OS it was running
> on and so on. Swiss army knife may be the answer.
>
> Dw
>
>



Mime
View raw message