httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Ristic <>
Subject Re: Proposal: Allow ServerTokens to specify Server header completely
Date Tue, 13 Jan 2004 14:25:36 GMT

>>   I like the idea. Right now you either have to
>>   change the source code or use mod_security to achieve
>>   this, but I think the feature belongs to the server core.
>>   But I think a new server directive is a better solution.
> As Lars said (and I agree), it has nothing to do with security. Why do you
> provide such a "feature" then?

   Because I believe that changing the signature prevents some
   automated tools from attacking the server.

   I recently changed the signature of the Apache running on (to pretend to be IIS5). As a result, I've started
   getting more IIS-related attacks than before. So, the signature
   does matter.

ModSecurity (
[ Open source IDS for Web applications ]

View raw message