httpd-dev mailing list archives

From "David Burry" <dbu...@tagnet.org>
Subject RE: Removing Server: header
Date Wed, 26 Mar 2003 21:34:18 GMT
I don't see a good reason not to have a ServerTokens None option...  All
the ServerTokens options that hide version numbers are security by
obscurity anyway.... So it's not really anything new, just expanding
something that already exists to have a more complete complement of
similar options.

Dave

-----Original Message-----
From: Brass, Phil (ISS Atlanta) [mailto:PBrass@iss.net] 
Sent: Wednesday, March 26, 2003 12:31 PM
To: dev@httpd.apache.org
Subject: RE: Removing Server: header


OK, so given that Date and Last-Modified are required response headers
and everybody pretty much hates the idea of removing them, and that
removing the Server header amounts to nothing more than security by
obscurity, is anybody still interested in seeing a patch that offers a
ServerTokens value of None and strictly prevents the addition of the
Server: header to the response?  If so I'd be happy to do it.

Thanks in advance!

Phil

