httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:46:29 GMT
According to Jim Jagielski:

> I didn't propose this to create (yet another) heated discussion,

too late ;)

> simply to suggest that we take ServerTokens to its logical
> conclusion based on some requests I've seen. :)

Sorry, but I don't see this as the logical conclusion of
the ServerTokens directive.
Being able to manage what third-party modules put in the
server header is one thing, but changing the header to
an arbitrary think does not seem logical to me, nor is
it a security feature.

This reminds me of an admin complaining about a PHP-based
application that produced wrong output ... after some
debugging I found out that this was caused, because the
admin tried to be smart and changed Apache's version number
to 0.9.7. This resulted in some of the appplication's
version dependant functions to fail.

Lars Eilebrecht                      - Today is the last day                 - of the past of your life.

View raw message