httpd-dev mailing list archives

From "Gregg L. Smith" <li...@glewis.com>
Subject Re: svn commit: r808965 - signature spam and an existing restriction
Date Tue, 01 Sep 2009 19:38:54 GMT
Hi Devs,

A vote of mine does not count but I think I am leaning on a -1 here for 
a couple reasons.

1. In ap_release.h you have placed a restriction on just this sort of thing:

  * "Product tokens should be short and to the point -- use of them for
  * advertizing or other non-essential information is explicitly forbidden."

Granted, if someone wanted to, there is not much you can really do about 
it. What I might find as useful information you might just as well deem 
non-essential. BTW, advertising and essential are misspelled. Does 
handing the user a set of keys to do just this now negate this 
restriction or if it is still of concern, should this be added into the 
docs?

2. With mod_security this can already be done with the use of the 
SecServerSignature directive. 
http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html#N10B69

3. Not that Netcraft is a scientifically sound survey, I'd still hate to 
see Apache jump off the cliff.

Just a sampling of random thoughts I had when I saw this.

Regards,
Gregg


jim@apache.org wrote:
> Author: jim
> Date: Fri Aug 28 17:37:12 2009
> New Revision: 808965
> 
> URL: http://svn.apache.org/viewvc?rev=808965&view=rev
> Log:
> And additional ServerTokens improvement...
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/docs/manual/mod/core.xml
>     httpd/httpd/trunk/server/core.c
> 

