Posted to dev@httpd.apache.org by Francis Daly <de...@daoine.org> on 2002/10/29 15:09:22 UTC

[PATCH] ServerSignature privacy - option 2

Hi there,

As promised, the "ServerSignature should track ServerTokens" patch
alternative 2: add directive to change current behaviour to allow what I
want, while retaining current behaviour for everyone else.

Built against the released 2.0.43 code, my (limited) testing doesn't
show a significant throughput difference compared with the current code
when ServerSigStyle isn't set. It applies to the current CVS versions,
1.215 and 1.70, with a few line offsets.

The patch adds a field to core_dir_config associated with the directive,
so a full rebuild is probably necessary.

Documentation: ServerSigStyle is a directive to modify the signature
added to server-generated pages. It only has an effect when
ServerSignature is set (to on or email), and can be set down to
the .htaccess level, the same as ServerSignature. It can be set to
"traditional" or "header" (defaulting to acting like "traditional")
-- meaning "replicating the current behaviour" or "giving no more
information than the Server: header, as set by ServerTokens".

In "traditional" mode, the output is like "Apache/2.0.43" irrespective
of how ServerTokens is set. In "header" mode, if "ServerTokens" is set
to, for example, "Major", then the signature would be like "Apache/2",
just like the Server: header. Setting "ServerTokens" beyond "Minimal" --
to "OS" or "Full" -- does not increase the signature output, so it will
not generate more output than the "traditional" setting.

There should probably be a docs patch for ServerSignature saying
something like "the content generated, if any, can be controlled by the
setting of ServerSigStyle".

There could possibly also be a docs patch for ServerTokens indicating
that setting it may influence ServerSignature, depending on how
ServerSigStyle is set, but I think that that would be unnecessary.
Unless someone goes out of their way to set ServerSigStyle, they
should see no change. And if they do that, they should read the docs
for it.

Anyway, any and all comments on the patch are welcome.

	f
-- 
Francis Daly        deva@daoine.org

--- include-virgin/http_core.h	Sun May 12 00:24:29 2002
+++ include/http_core.h	Sun Oct 27 20:51:22 2002
@@ -406,6 +406,12 @@
     srv_sig_withmail
 } server_signature_e;
 
+typedef enum {
+    srv_sig_sty_unset,
+    srv_sig_sty_trad,
+    srv_sig_sty_head,
+} server_sig_style_e;
+
 typedef struct {
     /* path of the directory/regex/etc. see also d_is_fnmatch/absolute below */
     char *d;
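Review bot: The last enumerator, `srv_sig_sty_head,`, carries a trailing comma, which C89 does not allow in an enumerator list and which the `server_signature_e` definition just above avoids; write it as `srv_sig_sty_head` so the header stays acceptable to strict compilers. A one-line comment over the enum, such as `/* ServerSigStyle: traditional = fixed base version, header = follow ServerTokens */`, would save readers a trip to the directive handler. The `server_sig_style` member added in the next hunk sits in the middle of `core_dir_config`, so modules built against the old header would read shifted fields. Placing it at the end of the struct and bumping the module magic number is presumably what a committer would want, though the rest of the struct is outside this hunk.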
@@ -494,6 +500,7 @@
     /* logging options */
 
     server_signature_e server_signature;
+    server_sig_style_e server_sig_style;
 
     int loglevel;
     
--- server-virgin/core.c	Wed Oct  2 22:35:57 2002
+++ server/core.c	Sun Oct 27 21:58:19 2002
@@ -162,6 +162,7 @@
     conf->sec_file = apr_array_make(a, 2, sizeof(ap_conf_vector_t *));
 
     conf->server_signature = srv_sig_unset;
+    conf->server_sig_style = srv_sig_sty_unset;
 
     conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
     conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
@@ -384,6 +385,10 @@
         conf->server_signature = new->server_signature;
     }
 
+    if (new->server_sig_style != srv_sig_sty_unset) {
+        conf->server_sig_style = new->server_sig_style;
+    }
+
     if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
         conf->add_default_charset = new->add_default_charset;
         conf->add_default_charset_name = new->add_default_charset_name;
@@ -2015,6 +2020,29 @@
     return NULL;
 }
 
+static const char *set_sig_style(cmd_parms *cmd, void *d_,
+                                      const char *arg)
+{
+    core_dir_config *d = d_;
+    const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
+
+    if (err != NULL) {
+        return err;
+    }
+
+    if (strcasecmp(arg, "traditional") == 0) {
+        d->server_sig_style = srv_sig_sty_trad;
+    }
+    else if (strcasecmp(arg, "header") == 0) {
+        d->server_sig_style = srv_sig_sty_head;
+    }
+    else {
+        return "ServerSigStyle: use one of: traditional | header";
+    }
+
+    return NULL;
+}
+
 static const char *set_server_root(cmd_parms *cmd, void *dummy,
                                    const char *arg)
 {
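Review bot: The continuation line `const char *arg` in `set_sig_style` looks indented for a longer function name and does not line up under `cmd_parms *cmd`; align it with the first parameter, as `set_server_root` just below does. The handler would also benefit from a short comment stating that only `traditional` and `header` are accepted and that any other argument returns the usage string as a configuration error.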
@@ -2226,6 +2254,9 @@
 {
     char sport[20];
     core_dir_config *conf;
+    const char *version_s; 
+    char *version; 
+    char *end; 
 
     conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
                                                    &core_module);
@@ -2236,8 +2267,18 @@
 
     apr_snprintf(sport, sizeof sport, "%u", (unsigned) ap_get_server_port(r));
 
+    if (conf->server_sig_style == srv_sig_sty_head) {
+        version = (char *)version_s = ap_get_server_version();
+        if ((end = strchr(version_s + strlen(AP_SERVER_BASEPRODUCT), ' ')) 
+            != NULL) {
+            version = apr_pstrndup(r->pool, version_s, end - version_s);
+        }
+    } else {
+        version = apr_pstrdup(r->pool, AP_SERVER_BASEVERSION);
+    }
+
     if (conf->server_signature == srv_sig_withmail) {
-        return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION
+        return apr_pstrcat(r->pool, prefix, "<address>", version,
                            " Server at <a href=\"mailto:",
                            r->server->server_admin, "\">",
                            ap_escape_html(r->pool, ap_get_server_name(r)),
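Review bot: `version = (char *)version_s = ap_get_server_version();` assigns to a cast expression, which is not an lvalue in standard C; it builds only where the compiler still accepts the old GCC cast-as-lvalue extension, and it also discards the `const` on the returned string. Nothing in the visible lines writes through `version`, so it can be a `const char *` that defaults to `AP_SERVER_BASEVERSION`, which removes the cast, the `version_s` temporary and the per-request `apr_pstrdup` of a string literal. The three declarations in the preceding hunk then become `const char *version;` and `const char *end;`. The `strchr` start offset assumes the version string always begins with `AP_SERVER_BASEPRODUCT`; a comment saying so would help the next reader. The function begins and ends outside this hunk.

```c
    /* … unchanged: apr_snprintf of sport … */
    version = AP_SERVER_BASEVERSION;
    if (conf->server_sig_style == srv_sig_sty_head) {
        /* Follow the Server: header, but stop at the first space so that
         * OS and module components are never added to the signature.
         * Assumes the string starts with AP_SERVER_BASEPRODUCT. */
        version = ap_get_server_version();
        end = strchr(version + strlen(AP_SERVER_BASEPRODUCT), ' ');
        if (end != NULL) {
            version = apr_pstrndup(r->pool, version, end - version);
        }
    }
    /* … unchanged: the two apr_pstrcat returns … */
```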
@@ -2245,7 +2286,7 @@
                            "</address>\n", NULL);
     }
 
-    return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION
+    return apr_pstrcat(r->pool, prefix, "<address>", version,
                        " Server at ",
                        ap_escape_html(r->pool, ap_get_server_name(r)),
                        " Port ", sport,
@@ -2952,6 +2993,8 @@
   "The hostname and port of the server"),
 AP_INIT_TAKE1("ServerSignature", set_signature_flag, NULL, OR_ALL,
   "En-/disable server signature (on|off|email)"),
+AP_INIT_TAKE1("ServerSigStyle", set_sig_style, NULL, OR_ALL,
+  "Change server signature style (traditional|header)"),
 AP_INIT_TAKE1("ServerRoot", set_server_root, NULL, RSRC_CONF | EXEC_ON_READ,
   "Common directory of server-related files (logs, confs, etc.)"),
 AP_INIT_TAKE1("ErrorLog", set_server_string_slot,
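Review bot: Registering `ServerSigStyle` with `OR_ALL` means a `.htaccess` file can set `ServerSigStyle traditional` and restore the full base version in error-page footers for that directory, even when the main configuration chose `header` to limit version disclosure. That matches `ServerSignature`, but an administrator using `header` as a hardening setting should be told that it holds only where `AllowOverride` does not let content authors change it. The directive documentation proposed in the description is the place to say so. The help string could also name the effect, e.g. `"Server signature detail (traditional|header); header follows ServerTokens"`.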