httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: Better privacy with SERVER_SIGNATURE
Date Tue, 16 Oct 2001 16:18:11 GMT

> instead. Currently we have
>    ServerSignature Off|On|EMail
> but we would need an additional degree of configurability, like:
>    ServerSignature Off|Short|ShortWithEMail|Long|LongWithEMail
> where On == Long and EMail == LongWithEMail, or two words
>    ServerSignature Empty|Short|Long  NoMailtoLink|AddMailtoLink
> (just an example. Imply backward compatible keywords)
> Which solution do you prefer:
> a) automatic coupling with ServerTokens?
> b) Separate configuration by new keywords for ServerSignature?
     (with default to coupling to ServerTokens)

Or add another one:

	ServerString "AnythingGoes/1.0"
	ServerString "Apache/1.3 (Patched 2001-10-02)"
	# %P	Product name (Apache)
	# %m	Major version no (1)
	# %n	Minor version no (3)
	# %o	Release version no (22-dev)
	# %e	Admin email
	# %s	Operating system...
	ServerSignature "%P/%m.%n"

I've found myself hacking the core more than once to make apache appear as
something with a different version - or to lie about the OS it was running
on and so on. Swiss army knife may be the answer.


View raw message