httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fran├žois" <francois.pe...@gmail.com>
Subject Re: [PATCH 40026] ServerTokens Off
Date Thu, 03 Aug 2006 17:47:37 GMT
It seems that there is a lot of people who were requiring this feature.
I've developed a module ( http://modules.apache.org/search.php?id=962 ) that
tricks the core of httpd by faking a proxy request in order to make it
possible in module-land, to change this HTTP header.

To wrowe:

> If the response is being forwarded through a proxy, the proxy application
MUST
> NOT modify the Server response-header.

I think that if you configure your httpd in a [reverse] proxy mode,
mod_header allow you to modify "Server:", so it is not a problem if a new
directive allows users to change this, at it could already be modified with
an existing module.

2006/8/2, Brian J. France <list@firehawksystems.com>:
>
>
> On Aug 2, 2006, at 3:57 AM, William A. Rowe, Jr. wrote:
>
> > Sebastian Nohn wrote:
> >>
> >> please take the time to read it before voting against the proposal :)
>
> I am all for this patch (I know my vote means nothing)!
>
> > I've read your comments, agree it's 17 bytes (that you can just as
> > well remove,
> > as you point out, by hand.)
>
> I have written a protocol output filter that removes the server
> header, but would much rather have a config directive.
>
> > I'm curious - do IE, Firefox or other common clients use the server
> > name tag
> > as a clue for fixups around aberrant behavior or to enable optimal
> > behavior?
>
> We (Yahoo!) have run for years without sending the Server header and
> have not had any problem.  I think it is more likely a case of the
> server detecting the browser and tweaking the output to get around
> browser bugs.
>
> Brian
>
>


-- 
*Francois Pesce*

Mime
View raw message