httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: [PATCH] Re: Better privacy with SERVER_SIGNATURE
Date Wed, 17 Oct 2001 16:24:18 GMT

On Wed, 17 Oct 2001, Thomas Eibner wrote:

> On Wed, Oct 17, 2001 at 07:04:10AM +0200, Thomas Eibner wrote:
> > > Why not just fix it so that ServerTokens Prod[uctOnly] influences what
> > > the enviroment variable SERVER_SIGNATURE contains and then leave it by
> > > that?
> >
> > Or just use ServerSignature Off to get rid of it showing up at all?
> Patch for making SERVER_SIGNATURE obey to what ServerTokens is set to
> in httpd.conf follows.

Instead of re-creating the server string it might be just as nice to
simply use ap_get_server_version() instead. This is IMHO a bit more
intuitive to the admin and closer to what I would expect apache to do as
an admin.

The functional difference with your patch would be that any other
extensions to the server string (such as mod_perl/1.1 etc..) would also
show up.


View raw message