You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2009/09/02 14:22:33 UTC
svn commit: r810477 - /httpd/httpd/trunk/docs/manual/mod/core.xml
Author: jim
Date: Wed Sep 2 12:22:32 2009
New Revision: 810477
URL: http://svn.apache.org/viewvc?rev=810477&view=rev
Log:
doccos for soon to be reverted code.
Modified:
httpd/httpd/trunk/docs/manual/mod/core.xml
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=810477&r1=810476&r2=810477&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Wed Sep 2 12:22:32 2009
@@ -2862,7 +2862,7 @@
<name>ServerTokens</name>
<description>Configures the <code>Server</code> HTTP response
header</description>
-<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
+<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full|Off|Set</syntax>
<default>ServerTokens Full</default>
<contextlist><context>server config</context></contextlist>
@@ -2873,10 +2873,10 @@
information about compiled-in modules.</p>
<dl>
- <dt><code>ServerTokens Off</code></dt>
+ <dt><code>ServerTokens Full</code> (or not specified)</dt>
- <dd>Server sends no <code>Server:</code> header
- (and <code>SERVER_SOFTWARE</code> is blank)</dd>
+ <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
+ (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
<dt><code>ServerTokens Prod[uctOnly]</code></dt>
@@ -2911,10 +2911,11 @@
there are any embedded spaces.
</dd>
- <dt><code>ServerTokens Full</code> (or not specified)</dt>
+ <dt><code>ServerTokens Off</code></dt>
+
+ <dd>Server sends no <code>Server:</code> header
+ (and <code>SERVER_SOFTWARE</code> is blank)</dd>
- <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
- (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
</dl>
<p>This setting applies to the entire server, and cannot be
@@ -2923,6 +2924,14 @@
<p>After version 2.0.44, this directive also controls the
information presented by the <directive
module="core">ServerSignature</directive> directive.</p>
+
+ <note>Setting <directive>ServerTokens</directive> to less than
+ <code>minimal</code> is not recommended because it makes it more
+ difficult to debug interoperational problems. Also note that
+ disabling the Server: header does nothing at all to make your
+ server more secure; the idea of "security through obscurity"
+ is a myth and leads to a false sense of safety.</note>
+
</usage>
<seealso><directive module="core">ServerSignature</directive></seealso>
</directivesynopsis>