httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <l...@eilebrecht.net>
Subject Re: [PATCH 40026] ServerTokens Off
Date Fri, 11 Aug 2006 16:50:00 GMT
According to Sebastian:

> > I'd like to propose these patches for inclusion:
> > 
> >  http://www.nohn.org/blog/uploads/servertokens_off.patch
> >  http://www.nohn.org/blog/uploads/servertokens_off_documentation.patch
> 
> Patches are now attached by request.
> 
> I'm looking forward for your comments.

Well, this topic pops up every now and then ... mainly because people
want to change/remove the Server header for "security", i.e., 
"security by obscurity" reasons. On your web site you point out that
this does not make much sense and I absolutely agree with that.

So this would be no reason to include the patch ...

Removing the Server header to save 17 bytes ... well, only very
very few users of Apache would actually really require that in
order so save bandwidth. I know only on who actually does that,
and that's Yahoo. But for such specialized cases you would be
running a manually compiled or even modified Apache anyway
(like Yahoo).

So I don't see this as a reason to include the patch.

I fear that many users of Apache would actually turn off the
Server header for no or for the wrong reasons (which may "harm" our
market share), and therefore I'm -1 on including this patch.


ciao...
-- 
Lars Eilebrecht 
lars@apache.org

Mime
View raw message