httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:35:15 GMT
Ivan Ristic wrote:
> > As Lars said (and I agree), it has nothing to do with security. Why do you
> > provide such a "feature" then?
>    Because I believe that changing the signature prevents some
>    automated tools from attacking the server.
>    So, the signature
>    does matter.

Without a doubt. Look at how many exploits grep on not only
the "name" of the server but also the version. 

I didn't propose this to create (yet another) heated discussion,
simply to suggest that we take ServerTokens to its logical
conclusion based on some requests I've seen. :)
   Jim Jagielski   [|]   [|]
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

View raw message