You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 1998/05/11 14:37:50 UTC
[PATCH] ServerTokens Directive (replace AddVersionPlatform)
Here's the latest patch with all suggestions added. Docs are also changed.
I'd like to commit later today but if you see problems, let me know :)
Index: htdocs/manual/new_features_1_3.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/new_features_1_3.html,v
retrieving revision 1.57
diff -u -r1.57 new_features_1_3.html
--- new_features_1_3.html 1998/05/09 04:42:25 1.57
+++ new_features_1_3.html 1998/05/11 12:24:20
@@ -639,18 +639,17 @@
configuration.
</li>
<LI><A
- HREF="mod/core.html#addversionplatform"
+ HREF="mod/core.html#servertokens"
><STRONG>Including the operating system in the server
identity</STRONG></A>
<BR>
- A new directive, <SAMP>AddVersionPlatform</SAMP>, allows the Webmaster
- to change the value of
- the <SAMP>Server</SAMP> response header field which is sent back
- to clients. The <SAMP>AddVersionPlatform</SAMP> directive controls
- whether the server will
- include a non-specific note in the server identity about the type of
- operating system on which the server is running. As of Apache 1.3, this
- additional information is included by default.
+ A new directive, <SAMP>ServerTokens</SAMP>, allows the Webmaster
+ to change the value of the <SAMP>Server</SAMP> response header
+ field which is sent back to clients. The <SAMP>ServerTokens</SAMP>
+ directive controls whether the server will include a non-specific
+ note in the server identity about the type of operating system on
+ which the server is running as well as included module information.
+ As of Apache 1.3, this additional information is included by default.
</LI>
</UL>
Index: htdocs/manual/mod/core.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
retrieving revision 1.115
diff -u -r1.115 core.html
--- core.html 1998/05/09 04:42:27 1.115
+++ core.html 1998/05/11 12:24:23
@@ -24,7 +24,6 @@
<LI><A HREF="#accessconfig">AccessConfig</A>
<LI><A HREF="#accessfilename">AccessFileName</A>
<LI><A HREF="#addmodule">AddModule</A>
-<LI><A HREF="#addversionplatform">AddVersionPlatform</A>
<LI><A HREF="#allowoverride">AllowOverride</A>
<LI><A HREF="#authname">AuthName</A>
<LI><A HREF="#authtype">AuthType</A>
@@ -78,6 +77,7 @@
<LI><A HREF="#serverpath">ServerPath</A>
<LI><A HREF="#serverroot">ServerRoot</A>
<LI><A HREF="#serversignature">ServerSignature</A>
+<LI><A HREF="#servertokens">ServerTokens</A>
<LI><A HREF="#servertype">ServerType</A>
<LI><A HREF="#startservers">StartServers</A>
<LI><A HREF="#threadsperchild">ThreadsPerChild</A>
@@ -179,52 +179,6 @@
be cleared with the <A HREF="#clearmodulelist">ClearModuleList</A>
directive.<P><HR>
-<H2><A name="addversionplatform">AddVersionPlatform directive</A></H2>
-<!--%plaintext <?INDEX {\tt AddVersionPlatform} directive> -->
-<A
- HREF="directive-dict.html#Syntax"
- REL="Help"
-><STRONG>Syntax:</STRONG></A> AddVersionPlatform <EM>On|Off</EM><BR>
-<A
- HREF="directive-dict.html#Context"
- REL="Help"
-><STRONG>Context:</STRONG></A> server config <BR>
-<A
- HREF="directive-dict.html#Status"
- REL="Help"
-><STRONG>Status:</STRONG></A> core<BR>
-<A
- HREF="directive-dict.html#Compatibility"
- REL="Help"
-><STRONG>Compatibility:</STRONG></A> AddVersionPlatform is only available
- in Apache 1.3 and later
-
-<P>
-This directive controls whether the server's operating system platform
-will be identified in the <SAMP>Server</SAMP> response header
-field which is sent back to clients. If enabled, a non-specific platform
-designation will be added to the identity string, as shown below:
-</P>
-<DL>
- <DT><CODE>AddVersionPlatform Off</CODE>
- </DT>
- <DD>Server sends: <SAMP>Server: Apache/1.3.0</SAMP>
- </DD>
- <DT><CODE>AddVersionPlatform On</CODE> (or not specified)
- </DT>
- <DD>Server sends: <SAMP>Server: Apache/1.3.0 (UNIX)</SAMP>
- </DD>
-</DL>
-<P>
-This setting applies to the entire server, and cannot be enabled or
-disabled on a virtualhost-by-virtualhost basis.
-</P>
-<P>
-By default, this information <EM>is</EM> included in the server
-identity string.
-</P>
-<HR>
-
<H2><A name="allowoverride">AllowOverride directive</A></H2>
<!--%plaintext <?INDEX {\tt AllowOverride} directive> -->
<A
@@ -2496,6 +2450,56 @@
the <SAMP>EMail</SAMP> setting additionally creates a "mailto:"
reference to the <A HREF="#serveradmin">ServerAdmin</A> of the
referenced document.
+
+<HR>
+
+<H2><A name="servertokens">ServerTokens directive</A></H2>
+<!--%plaintext <?INDEX {\tt ServerTokens} directive> -->
+<A
+ HREF="directive-dict.html#Syntax"
+ REL="Help"
+><STRONG>Syntax:</STRONG></A> ServerTokens <EM>Min|OS|Full</EM><BR>
+<A
+ HREF="directive-dict.html#Context"
+ REL="Help"
+><STRONG>Context:</STRONG></A> server config <BR>
+<A
+ HREF="directive-dict.html#Status"
+ REL="Help"
+><STRONG>Status:</STRONG></A> core<BR>
+<A
+ HREF="directive-dict.html#Compatibility"
+ REL="Help"
+><STRONG>Compatibility:</STRONG></A> ServerTokens is only available
+ in Apache 1.3 and later
+
+<P>
+This directive controls whether <SAMP>Server</SAMP> response header
+field which is sent back to clients includes a description of the generic
+OS-type of the server as well as information about compiled-in modules.
+</P>
+<DL>
+ <DT><CODE>ServerTokens Min[imal]</CODE>
+ </DT>
+ <DD>Server sends (e.g.): <SAMP>Server: Apache/1.3.0</SAMP>
+ </DD>
+ <DT><CODE>ServerTokens OS</CODE>
+ </DT>
+ <DD>Server sends (e.g.): <SAMP>Server: Apache/1.3.0 (UNIX)</SAMP>
+ </DD>
+ <DT><CODE>ServerTokens Full</CODE> (or not specified)
+ </DT>
+ <DD>Server sends (e.g.): <SAMP>Server: Apache/1.3.0 (UNIX) PHP/3.0 MyMod/1.2</SAMP>
+ </DD>
+</DL>
+<P>
+This setting applies to the entire server, and cannot be enabled or
+disabled on a virtualhost-by-virtualhost basis.
+</P>
+<P>
+By default, this information <EM>is</EM> included in the server
+identity string.
+</P>
<HR>
Index: src/include/http_conf_globals.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/http_conf_globals.h,v
retrieving revision 1.30
diff -u -r1.30 http_conf_globals.h
--- http_conf_globals.h 1998/05/07 12:24:24 1.30
+++ http_conf_globals.h 1998/05/11 12:24:24
@@ -91,7 +91,7 @@
extern char *ap_lock_fname;
extern MODULE_VAR_EXPORT char *ap_server_argv0;
-extern int ap_note_platform;
+extern enum server_token_type ap_server_tokens;
/* Trying to allocate these in the config pool gets us into some *nasty*
* chicken-and-egg problems in http_main.c --- where do you stick them
Index: src/include/httpd.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.211
diff -u -r1.211 httpd.h
--- httpd.h 1998/05/09 14:27:26 1.211
+++ httpd.h 1998/05/11 12:24:25
@@ -369,15 +369,10 @@
#define DEFAULT_LISTENBACKLOG 511
#endif
-/* If you have altered Apache and wish to change the SERVER_VERSION
- * identifier below, please keep to the HTTP specification. This states that
- * the identification string should consist of product tokens with an optional
- * slash and version designator. Sub-products which form a significant part
- * of the application can be listed, separated by whitespace, by adding
- * their product tokens to EXTRA_CFLAGS in the Configuration file like so.
+/*
+ * The below defines the base string of the Server: header. Additional
+ * tokens can be added via the ap_add_version_component() API call.
*
- * EXTRA_CFLAGS="-DSERVER_SUBVERSION="MrWidget/0.1-alpha"
- *
* The tokens are listed in order of their significance for identifying the
* application.
*
@@ -388,11 +383,12 @@
*/
#define SERVER_BASEVERSION "Apache/1.3b7-dev" /* SEE COMMENTS ABOVE */
-#ifdef SERVER_SUBVERSION
-#define SERVER_VERSION SERVER_BASEVERSION " " SERVER_SUBVERSION
-#else
-#define SERVER_VERSION SERVER_BASEVERSION
-#endif
+#define SERVER_VERSION SERVER_BASEVERSION
+enum server_token_type {
+ SrvTk_MIN, /* eg: Apache/1.3.0 */
+ SrvTk_OS, /* eg: Apache/1.3.0 (UNIX) */
+ SrvTk_FULL /* eg: Apache/1.3.0 (UNIX) PHP/3.0 FooBar/1.2b */
+};
API_EXPORT(const char *) ap_get_server_version(void);
API_EXPORT(void) ap_add_version_component(const char *component);
Index: src/main/http_core.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.199
diff -u -r1.199 http_core.c
--- http_core.c 1998/05/09 15:49:33 1.199
+++ http_core.c 1998/05/11 12:24:27
@@ -1879,13 +1879,17 @@
* string.
*/
-static const char *enable_platform_announcement(cmd_parms *cmd, void *mconfig,
- int flag)
+static const char *set_serv_tokens (cmd_parms *cmd, void *dummy, char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) return err;
- ap_note_platform = flag;
+ if (!strcasecmp(arg, "OS"))
+ ap_server_tokens = SrvTk_OS;
+ else if (!strcasecmp(arg, "Min") || !strcasecmp(arg, "Minimal"))
+ ap_server_tokens = SrvTk_MIN;
+ else
+ ap_server_tokens = SrvTk_FULL;
return NULL;
}
@@ -2026,8 +2030,8 @@
{ "BS2000AuthFile", set_bs2000_authfile, NULL, RSRC_CONF, TAKE1,
"server User's bs2000 logon password file (read-protected)" },
#endif
-{ "AddVersionPlatform", enable_platform_announcement, NULL, RSRC_CONF, FLAG,
- "Set to 'off' to not include server OS platform in Server identity text" },
+{ "ServerTokens", set_serv_tokens, NULL, RSRC_CONF, TAKE1,
+ "Determine tokens displayed in the Server: header - Min(imal), OS or Full" },
{ NULL },
};
Index: src/main/http_main.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.350
diff -u -r1.350 http_main.c
--- http_main.c 1998/05/09 23:48:02 1.350
+++ http_main.c 1998/05/11 12:24:32
@@ -343,7 +343,8 @@
static char *server_version = NULL;
static int version_locked = 0;
-int ap_note_platform = 1; /* Global, alas, so http_core can talk to us */
+/* Global, alas, so http_core can talk to us */
+enum server_token_type ap_server_tokens = SrvTk_FULL;
/*
* This routine is called when the pconf pool is vacuumed. It resets the
@@ -353,13 +354,13 @@
static void reset_version(void *dummy)
{
version_locked = 0;
- ap_note_platform = 1;
+ ap_server_tokens = SrvTk_FULL;
server_version = NULL;
}
API_EXPORT(const char *) ap_get_server_version()
{
- return server_version;
+ return (server_version ? server_version : SERVER_BASEVERSION);
}
API_EXPORT(void) ap_add_version_component(const char *component)
@@ -367,7 +368,8 @@
if (! version_locked) {
/*
* If the version string is null, register our cleanup to reset the
- * pointer on pool destruction.
+ * pointer on pool destruction. We also know that, if NULL,
+ * we are adding the original SERVER_BASEVERSION string.
*/
if (server_version == NULL) {
ap_register_cleanup(pconf, NULL, (void (*)(void *))reset_version,
@@ -376,10 +378,11 @@
}
else {
/*
- * Prepend the given component identifier to the existing string
+ * Tack the given component identifier to the end of
+ * the existing string.
*/
- server_version = ap_pstrcat(pconf, component, " ", server_version,
- NULL);
+ server_version = ap_pstrcat(pconf, server_version, " ",
+ component, NULL);
}
}
}
@@ -390,16 +393,19 @@
*/
static void ap_set_version()
{
-#ifdef SERVER_SUBVERSION
- ap_add_version_component(SERVER_SUBVERSION);
-#endif
- if (ap_note_platform) {
- ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
+ if (ap_server_tokens == SrvTk_MIN) {
+ ap_add_version_component(SERVER_BASEVERSION);
}
else {
- ap_add_version_component(SERVER_BASEVERSION);
+ ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
}
- version_locked++;
+ /*
+ * Lock the server_version string if we're not displaying
+ * the full set of tokens
+ */
+ if (ap_server_tokens != SrvTk_FULL) {
+ version_locked++;
+ }
}
static APACHE_TLS int volatile exit_after_unblock = 0;
@@ -3120,12 +3126,8 @@
static void show_compile_settings(void)
{
- printf("Server base version: %s\n", SERVER_BASEVERSION);
-#ifdef SERVER_SUBVERSION
- printf("Server sub-version: %s\n", SERVER_SUBVERSION);
-#endif
- printf("Server Full version: %s\n", ap_get_server_version());
- printf("Server built: %s\n", ap_get_server_built());
+ printf("Server version: %s\n", ap_get_server_version());
+ printf("Server built: %s\n", ap_get_server_built());
printf("Server's Module Magic Number: %u\n", MODULE_MAGIC_NUMBER);
printf("Server compiled with....\n");
#ifdef BIG_SECURITY_HOLE
@@ -3997,8 +3999,9 @@
setup_listeners(pconf);
ap_open_logs(server_conf, pconf);
ap_log_pid(pconf, ap_pid_fname);
+ ap_set_version(); /* create our server_version string */
ap_init_modules(pconf, server_conf);
- ap_set_version();
+ version_locked++; /* no more changes to server_version */
SAFE_ACCEPT(accept_mutex_init(pconf));
if (!is_graceful) {
reinit_scoreboard(pconf);
@@ -4225,10 +4228,12 @@
ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname));
break;
case 'v':
+ ap_set_version();
printf("Server version: %s\n", ap_get_server_version());
printf("Server built: %s\n", ap_get_server_built());
exit(0);
case 'V':
+ ap_set_version();
show_compile_settings();
exit(0);
case 'h':
@@ -4269,8 +4274,9 @@
if (ap_standalone) {
ap_open_logs(server_conf, pconf);
- ap_init_modules(pconf, server_conf);
ap_set_version();
+ ap_init_modules(pconf, server_conf);
+ version_locked++;
STANDALONE_MAIN(argc, argv);
}
else {
@@ -5186,8 +5192,9 @@
server_conf = ap_read_config(pconf, pparent, ap_server_confname);
ap_open_logs(server_conf, pconf);
- ap_init_modules(pconf, server_conf);
ap_set_version();
+ ap_init_modules(pconf, server_conf);
+ version_locked++;
if (!is_graceful)
reinit_scoreboard(pconf);
@@ -5398,6 +5405,7 @@
printf("Server built: %s\n", ap_get_server_built());
exit(0);
case 'V':
+ ap_set_version();
show_compile_settings();
exit(0);
case 'h':
@@ -5422,9 +5430,10 @@
if (!child) {
ap_log_pid(pconf, ap_pid_fname);
}
+ ap_set_version();
ap_init_modules(pconf, server_conf);
ap_suexec_enabled = init_suexec();
- ap_set_version();
+ version_locked++;
ap_open_logs(server_conf, pconf);
set_group_privs();
--
===========================================================================
Jim Jagielski ||| jim@jaguNET.com ||| http://www.jaguNET.com/
"That's no ordinary rabbit... that's the most foul,
cruel and bad-tempered rodent you ever laid eyes on"
Re: [PATCH] ServerTokens Directive (replace AddVersionPlatform)
Posted by Marc Slemko <ma...@worldgate.com>.
There is nothing wrong with leaving out the Server: header entirely, and I
wouldn't object to giving the user a way to disable it. We should,
however, strongly discourage any such thing in the docs and warn people
that it doesn't stop people from taking a pretty good guess at the
software running from other behaviour.
On Mon, 11 May 1998, Brian Behlendorf wrote:
> At 08:37 AM 5/11/98 -0400, Jim Jagielski wrote:
> >Here's the latest patch with all suggestions added. Docs are also changed.
> >I'd like to commit later today but if you see problems, let me know :)
>
> This is missing "none", but otherwise this works for me (i.e. tested). I
> am OK with no "none" value; while I can see arguments for being able to
> hide "Server:" completely, I'd respond that it's part of the benefit we as
> developers get back for doing work on Apache, knowing when it's used.
>
> Hopefully this is the end of this issue.
>
> Brian
>
>
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> pure chewing satisfaction brian@apache.org
> brian@hyperreal.org
>
Re: [PATCH] ServerTokens Directive (replace AddVersionPlatform)
Posted by Brian Behlendorf <br...@hyperreal.org>.
At 08:37 AM 5/11/98 -0400, Jim Jagielski wrote:
>Here's the latest patch with all suggestions added. Docs are also changed.
>I'd like to commit later today but if you see problems, let me know :)
This is missing "none", but otherwise this works for me (i.e. tested). I
am OK with no "none" value; while I can see arguments for being able to
hide "Server:" completely, I'd respond that it's part of the benefit we as
developers get back for doing work on Apache, knowing when it's used.
Hopefully this is the end of this issue.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction brian@apache.org
brian@hyperreal.org