httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Trawick" <>
Subject Re: vote on concept of ServerTokens Off
Date Wed, 06 Dec 2006 14:58:21 GMT
On 12/5/06, Jeff Trawick <> wrote:
> A lot of opinions were offered back in August.  Some were negative but
> I don't see anything that looks like a veto.

Why do I care personally?  I'd like to see an easy resolution to the
common support question which doesn't involve recompiling the server*,
installing third-party modules+, trying to explain that the server
implementation can be easily reverse engineered anyway@, or trying to
explain that attackers just send everything they have regardless of
which server implementation they think it is@.

*alas, not possible with my day job but I can solve that in a different way
+not a simple task in many corporate environments
@generally this seems to fall on deaf ears; I suspect that many of
these people have to document exceptions to the report of some scanner
every n months

View raw message