I'd like to get some sort of feedback concerning the idea of having ServerTokens not only "adjust" what Apache sends in the Server header, but also allow the directive to fully set that info.
For example: ServerTokens Set Aporche/3.5 would cause Apache to send Aporche/3.5 as the Server header. Some people want to be able to "totally" obscure the server type.
I like the idea. Right now you either have to change the source code or use mod_security to achieve this, but I think the feature belongs to the server core.
But I think a new server directive is a better solution.
...
BTW, I've recently joined the [EMAIL PROTECTED] mailing list to observe how things are done here. In the long run, I would like to start contributing to the Apache web server, on the security side of things.
I've been doing this from the outside with the mod_security module, but there are some things that are better done from the inside.
-- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
