Return-Path: 
 <dev-return-22297-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 65476 invoked by uid 500); 17 Oct 2001 22:35:24 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 65463 invoked from network); 17 Oct 2001 22:35:22 -0000
Date: Wed, 17 Oct 2001 09:24:18 -0700 (PDT)
From: Dirk-Willem van Gulik <dirkx@covalent.net>
X-X-Sender: dirkx@titatovenaar.sfo.covalent.net
To: dev@httpd.apache.org
Subject: Re: [PATCH] Re: Better privacy with SERVER_SIGNATURE
In-Reply-To: <20011017073117.C24198@io.stderr.net>
Message-ID: 
 <Pine.OSX.4.40.0110170922300.2969-100000@titatovenaar.sfo.covalent.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N


On Wed, 17 Oct 2001, Thomas Eibner wrote:

> On Wed, Oct 17, 2001 at 07:04:10AM +0200, Thomas Eibner wrote:
> > > Why not just fix it so that ServerTokens Prod[uctOnly] influences what
> > > the enviroment variable SERVER_SIGNATURE contains and then leave it by
> > > that?
> >
> > Or just use ServerSignature Off to get rid of it showing up at all?
>
> Patch for making SERVER_SIGNATURE obey to what ServerTokens is set to
> in httpd.conf follows.

Instead of re-creating the server string it might be just as nice to
simply use ap_get_server_version() instead. This is IMHO a bit more
intuitive to the admin and closer to what I would expect apache to do as
an admin.

The functional difference with your patch would be that any other
extensions to the server string (such as mod_perl/1.1 etc..) would also
show up.

Dw