Lars Eilebrecht wrote: > Well, this topic pops up every now and then ... mainly because people > want to change/remove the Server header for "security", i.e., > "security by obscurity" reasons. On your web site you point out that > this does not make much sense and I absolutely agree with that. > > So this would be no reason to include the patch ...
Are people asking for that over and over again not an argument FOR the patch? > Removing the Server header to save 17 bytes ... well, only very > very few users of Apache would actually really require that in > order so save bandwidth. I know only on who actually does that, > and that's Yahoo. But for such specialized cases you would be > running a manually compiled or even modified Apache anyway > (like Yahoo). > > So I don't see this as a reason to include the patch. According to Netcraft 3% of all webservers don't sent the header, making the no-server-header #3 in Netcraft's list: http://survey.netcraft.com/Reports/0608/ > I fear that many users of Apache would actually turn off the > Server header for no or for the wrong reasons (which may "harm" our > market share), and therefore I'm -1 on including this patch. It would not change apaches market share. If you are talking about netcraft (and similar stats): I personally think, "ego" is a bad reason for constricting people. Sebastian
