httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:04:30 GMT
According to Jim Jagielski:

> I'd like to get some sort of feedback concerning the idea
> of having ServerTokens not only "adjust" what Apache
> sends in the Server header, but also allow the directive
> to fully set that info.

I tend to be -1 on this for the following reasons:

- It's only security by obscurity and providing such a
  "security feature" may be misleading for our users.
- We don't want people to obfuscate the server name, do we?

If people really want to change it they can always do
that at compile time, but we should not encourage it
by providing a configuration directive for it.

Lars Eilebrecht            - Don't use no double negatives, not never.

View raw message