httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:31:18 GMT
* Ivan Ristic <ivanr@webkreator.com> wrote:

> 
> >>   I like the idea. Right now you either have to
> >>   change the source code or use mod_security to achieve
> >>   this, but I think the feature belongs to the server core.
> >>
> >>   But I think a new server directive is a better solution.
> > 
> > As Lars said (and I agree), it has nothing to do with security. Why do you
> > provide such a "feature" then?
> 
>    Because I believe that changing the signature prevents some
>    automated tools from attacking the server.
> 
>    I recently changed the signature of the Apache running on
>    modsecurity.org (to pretend to be IIS5). As a result, I've started
>    getting more IIS-related attacks than before. So, the signature
>    does matter.

And what was the security advantage?

nd

Mime
View raw message