httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: [PATCH 40026] ServerTokens Off
Date Thu, 03 Aug 2006 18:54:52 GMT
Fran├žois wrote:
>> If the response is being forwarded through a proxy, the proxy application 
>> MUST NOT modify the Server response-header.
> I think that if you configure your httpd in a [reverse] proxy mode,
> mod_header allow you to modify "Server:", so it is not a problem if a
> new directive allows users to change this, at it could already be
> modified with an existing module.

if you mean, in a "reverse" proxy mode, you are right.  A reverse proxy
deliberately doesn't follow the RFC, it's transparent, and would be entirely
appropriate to modify any headers as if this machine were the origin server.

But not in the case of "forward" proxy mode - that's what the RFC spelled out.

View raw message