You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Gregg L. Smith" <li...@glewis.com> on 2009/09/01 21:38:54 UTC
Re: svn commit: r808965 - signature spam and an existing restriction
Hi Devs,
A vote of mine does not count but I think I am leaning on a -1 here for
a couple reasons.
1. in ap_release.h you have placed a restriction on just this sort of thing;
* "Product tokens should be short and to the point -- use of them for
* advertizing or other non-essential information is explicitly forbidden."
Granted, if someone wanted to, there is not much you can really do about
it. What I might find as useful information you might just as well deem
non-essential. BTW, advertising and essential are misspelled. Does
handing the user a set of keys to do just this now negate this
restriction or if it is still of concern, should this be added into the
docs?
2. with mod_security this can already be done with the use of the
SecServerSignature directive.
http://www.modsecurity.org/documentation/modsecurity-apache/2.5.9/modsecurity2-apache-reference.html#N10B69
3. Not that Netcraft is a scientifically sound survey, I'd still hate to
see Apache jump off the cliff.
Just a sampling of random thoughts I had when I saw this.
Regards,
Gregg
jim@apache.org wrote:
> Author: jim
> Date: Fri Aug 28 17:37:12 2009
> New Revision: 808965
>
> URL: http://svn.apache.org/viewvc?rev=808965&view=rev
> Log:
> And additional ServerTokens improvement...
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/core.xml
> httpd/httpd/trunk/server/core.c
>