* Ivan Ristic <[EMAIL PROTECTED]> wrote: > > >> I like the idea. Right now you either have to > >> change the source code or use mod_security to achieve > >> this, but I think the feature belongs to the server core. > >> > >> But I think a new server directive is a better solution. > > > > As Lars said (and I agree), it has nothing to do with security. Why do you > > provide such a "feature" then? > > Because I believe that changing the signature prevents some > automated tools from attacking the server. > > I recently changed the signature of the Apache running on > modsecurity.org (to pretend to be IIS5). As a result, I've started > getting more IIS-related attacks than before. So, the signature > does matter.
And what was the security advantage? nd
