You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Andrew Wilson <a....@elsevier.co.uk> on 1997/06/20 19:27:43 UTC

Reporting OS type: was Re: [Fwd: good work!!]

A looong time ago when I wrote the Netcraft Webserver Survey search
engine and stats routines it was suggested that Apache might return
additional 'helpful' information in the 'Server:' header.  So:

    HTTP/1.0 200 OK
    Date: Fri, 20 Jun 1997 17:18:16 GMT
    Server: Apache/1.1.1 SunOs/5.5.1
    Content-type: text/html

It was, I recall, countered with the argument that this was a huge
come-on to hackers who could use the OS / Platform version information
to craft their hacks.

I still think that adding this additional information is a *STUPID*
idea and one that should be resisted.  Indeed Netcraft has never
published the actual software versions being deployed at each site
(though this is a trivial thing to derive if you have the inclination)
for fear of abuse.

Talk to Netcraft directly if you want to know how the survey works now,
I've had nothing to do with it for over a year.

Ay.

Ambarish Malpani:
> 
> An interesting suggestion. Any votes?
> 
> A
> 
> ---------------------------------------------------------------------
> Ambarish Malpani
> Architect					       (408) 738-2040
> ValiCert, Inc.				      http://www.valicert.com
> 333 W. El Camino Real, Suite 270
> Sunnyvale, CA 94087
> --------------8310C6F7D1F970F725B618D1
> Content-Disposition: inline
> Content-type: message/rfc822
> Content-transfer-encoding: 7bit
> 
> X-POP3-Rcpt: ambarish@arctic
> Return-Path: mikes@immstudios.com
> Received: from sewer.immstudios.com (immstudios.com [194.217.17.50]) 
>           by arctic.valicert.com (8.6.12/8.6.9) with ESMTP id BAA08292 
>           for <am...@isecurity.com>; Fri, 20 Jun 1997 01:25:00 -0700
> Received: from www.eimages.co.uk ([206.175.71.34]) 
>           by sewer.immstudios.com (8.8.5/8.6.12) with ESMTP id JAA29206 
>           for <am...@isecurity.com>; Fri, 20 Jun 1997 09:16:28 GMT
> Message-ID: <33...@immstudios.com>
> Date: Fri, 20 Jun 1997 10:28:55 +0100
> From: Michael Smith <mi...@immstudios.com>
> Organization: IMM Studios
> X-Mailer: Mozilla 4.0 [en] (Win95; I)
> MIME-Version: 1.0
> To: Ambarish Malpani <am...@isecurity.com>
> Subject: good work!!
> X-Priority: 3 (Normal)
> Content-type: text/plain; charset="us-ascii"
> Content-transfer-encoding: 7bit
> 
> Good work with the apache-NT port.  I intend to try it out soon but it's
> sounds fabulous!
> 
> One suggestion - though I don't know if you're already doing this or
> not.  It appears to be impossible to tell what platform netscape servers
> are running on -  so netcraft cannot give us an idea of how many people
> are running their site on Unix and how many on NT.  I think it would be
> great if we could tell what proportion of apache sites were running Unix
> and what proportion NT.
> 
> Hope this is a constructive suggestion
> 
> Mike
> 
> 
> 
> --------------8310C6F7D1F970F725B618D1--
> 


-- 
Andrew.Wilson@cm.cs.ac.uk          http://www.cs.cf.ac.uk/User/Andrew.Wilson/

Re: Reporting OS type

Posted by Rob Hartill <ro...@imdb.com>.

On Fri, 20 Jun 1997, Marc Slemko wrote:

> I would -1 any attempt to add the OS version.  -0 on adding "NT"
> somewhere, but actual OS names and versions are a BAD thing IMHO.

Based on NT's existing "security" reputation and the fact that almost
all other NT server implicitly give away the info via their names I
don't see any real problem with Apache running on an NT declaring itself
as such.

BTW, isn't there a program one can run than knocks over NT boxes ?. Maybe
Netcraft can use that.. run the code against all servers and then count
how many stay up :-)

--
Rob Hartill                              Internet Movie Database (Ltd)
http://www.moviedatabase.com/   .. a site for sore eyes.

Re: Reporting OS type: was Re: [Fwd: good work!!]

Posted by Marc Slemko <ma...@worldgate.com>.

I would -1 any attempt to add the OS version.  -0 on adding "NT"
somewhere, but actual OS names and versions are a BAD thing IMHO.

It certainly would be helpful for some things, but...

On Fri, 20 Jun 1997, Andrew Wilson wrote:

> A looong time ago when I wrote the Netcraft Webserver Survey search
> engine and stats routines it was suggested that Apache might return
> additional 'helpful' information in the 'Server:' header.  So:
> 
>     HTTP/1.0 200 OK
>     Date: Fri, 20 Jun 1997 17:18:16 GMT
>     Server: Apache/1.1.1 SunOs/5.5.1
>     Content-type: text/html
> 
> It was, I recall, countered with the argument that this was a huge
> come-on to hackers who could use the OS / Platform version information
> to craft their hacks.
> 
> I still think that adding this additional information is a *STUPID*
> idea and one that should be resisted.  Indeed Netcraft has never
> published the actual software versions being deployed at each site
> (though this is a trivial thing to derive if you have the inclination)
> for fear of abuse.
> 
> Talk to Netcraft directly if you want to know how the survey works now,
> I've had nothing to do with it for over a year.
> 
> Ay.
> 
> Ambarish Malpani:
> > 
> > An interesting suggestion. Any votes?
> > 
> > A
> > 
> > ---------------------------------------------------------------------
> > Ambarish Malpani
> > Architect					       (408) 738-2040
> > ValiCert, Inc.				      http://www.valicert.com
> > 333 W. El Camino Real, Suite 270
> > Sunnyvale, CA 94087
> > --------------8310C6F7D1F970F725B618D1
> > Content-Disposition: inline
> > Content-type: message/rfc822
> > Content-transfer-encoding: 7bit
> > 
> > X-POP3-Rcpt: ambarish@arctic
> > Return-Path: mikes@immstudios.com
> > Received: from sewer.immstudios.com (immstudios.com [194.217.17.50]) 
> >           by arctic.valicert.com (8.6.12/8.6.9) with ESMTP id BAA08292 
> >           for <am...@isecurity.com>; Fri, 20 Jun 1997 01:25:00 -0700
> > Received: from www.eimages.co.uk ([206.175.71.34]) 
> >           by sewer.immstudios.com (8.8.5/8.6.12) with ESMTP id JAA29206 
> >           for <am...@isecurity.com>; Fri, 20 Jun 1997 09:16:28 GMT
> > Message-ID: <33...@immstudios.com>
> > Date: Fri, 20 Jun 1997 10:28:55 +0100
> > From: Michael Smith <mi...@immstudios.com>
> > Organization: IMM Studios
> > X-Mailer: Mozilla 4.0 [en] (Win95; I)
> > MIME-Version: 1.0
> > To: Ambarish Malpani <am...@isecurity.com>
> > Subject: good work!!
> > X-Priority: 3 (Normal)
> > Content-type: text/plain; charset="us-ascii"
> > Content-transfer-encoding: 7bit
> > 
> > Good work with the apache-NT port.  I intend to try it out soon but it's
> > sounds fabulous!
> > 
> > One suggestion - though I don't know if you're already doing this or
> > not.  It appears to be impossible to tell what platform netscape servers
> > are running on -  so netcraft cannot give us an idea of how many people
> > are running their site on Unix and how many on NT.  I think it would be
> > great if we could tell what proportion of apache sites were running Unix
> > and what proportion NT.
> > 
> > Hope this is a constructive suggestion
> > 
> > Mike
> > 
> > 
> > 
> > --------------8310C6F7D1F970F725B618D1--
> > 
> 
> 
> -- 
> Andrew.Wilson@cm.cs.ac.uk          http://www.cs.cf.ac.uk/User/Andrew.Wilson/
>