httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <>
Subject Re: [users@httpd] Return Version
Date Thu, 29 Aug 2002 05:09:33 GMT
yup, read a bit further, turn servertokens off to remove all the data 
about the box.
default is full info.

J. Greenlees wrote:

> from the docs:
> The |ServerAdmin| and |ServerTokens| directives control what 
> information about the server will be presented in server-generated 
> documents such as error messages. The |ServerTokens| directive sets 
> the value of the Server HTTP response header field.
> The |ServerName| and |UseCanonicalName| directives are used by the 
> server to determine how to construct self-referential URLs. For 
> example, when a client requests a directory, but does not include the 
> trailing slash in the directory name, Apache must redirect the client 
> to the full name including the trailing slash so that the client will 
> correctly resolve relative references in the document.
> ------------------------------------------------------------------------
> this might be a way to get apache to not identify itself, not lie but 
> at least no hand out information about the server and box.
> John K. Sterling wrote:
>> On Wednesday, August 28, 2002, at 10:03 AM, Chris Taylor wrote:
>>> Hash: SHA1
>>> Recompile it and change the version somewhere in the source.
>>> Apache won't lie like you want out-of-the-box :)
>>> Out of interest, why make it lie for the audit? You have an
>>> up-to-date version that works very well and is pretty secure.
>> It has nothing to do with the current opinion about this version of 
>> apache - It is not uncommon people consider it a security issue to 
>> immediately divulge your what os/app/version you are running....

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message