httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Nohn <sebast...@nohn.net>
Subject Re: [PATCH 40026] ServerTokens Off
Date Sun, 20 Aug 2006 16:55:46 GMT
Lars Eilebrecht wrote:

> Well, this topic pops up every now and then ... mainly because people
> want to change/remove the Server header for "security", i.e., 
> "security by obscurity" reasons. On your web site you point out that
> this does not make much sense and I absolutely agree with that.
>
> So this would be no reason to include the patch ...

Are people asking for that over and over again not an argument FOR the
patch?

> Removing the Server header to save 17 bytes ... well, only very
> very few users of Apache would actually really require that in
> order so save bandwidth. I know only on who actually does that,
> and that's Yahoo. But for such specialized cases you would be
> running a manually compiled or even modified Apache anyway
> (like Yahoo).
>
> So I don't see this as a reason to include the patch.

According to Netcraft 3% of all webservers don't sent the header, making
the no-server-header #3 in Netcraft's list:
http://survey.netcraft.com/Reports/0608/

> I fear that many users of Apache would actually turn off the
> Server header for no or for the wrong reasons (which may "harm" our
> market share), and therefore I'm -1 on including this patch.

It would not change apaches market share. If you are talking about
netcraft (and similar stats): I personally think, "ego" is a bad reason
for constricting people.

Sebastian

Mime
View raw message