httpd-dev mailing list archives

From Mads Toftum
Subject Re: [PATCH 40026] ServerTokens Off
Date Mon, 21 Aug 2006 09:10:23 GMT
On Mon, Aug 21, 2006 at 12:34:55AM +0200, Lars Eilebrecht wrote:
> Well, when we've had similar discussions in the past they were
> usually about argument No. 1, but the consensus was always that
> a security-by-obscurity feature in Apache does not make sense.
+1 - looking at the number of IIS-targeted worms that keep hitting my
Apache installs seems to suggest that obscuring the server name will at
most lead to a false sense of security. Besides, if you really care, I'm
pretty sure it wouldn't be all that hard to guess what server it is by
looking at all the rest of the headers.


Mads Toftum
`Darn it, who spiked my coffee with water?!' - lwall