httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: vote on concept of ServerTokens Off
Date Wed, 09 Sep 2009 20:48:09 GMT
On Wed, Sep 9, 2009 at 4:07 PM, Jim Jagielski <jim@jagunet.com> wrote:

> Sounds like 3 years have not changed the feelings towards
> this. Ideally, we should remove the whole ap_get_server_version/
> ap_get_server_banner re-work as well since,


It is generally useful to separate what information we write to arbitrary
clients (controlled by ServerTokens) vs. what is logged at startup or
reported in a few other special places; also, such a change would break
binary compatibility.



> iirc, this was
> all to make it easier for this exact type of change.
>

yes, in that without the version-vs-banner change, "ServerTokens Off" would
have taken an unfortunate behavior to a nonsensical extreme; but trimming
the amount of information logged at startup based on ServerTokens was a
known concern (at least it was one of my pet peeves)

Mime
View raw message