On 8/20/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Lars Eilebrecht wrote:
>
> Apart from that, it's also possible to customize the Server header by
> using mod_security which has a configuration directive for this.
My 2c, let's adopt the patch for three reasons...
1. it's an FAQ that would -go away-, less stress for our peer apache
user supporters
giant +1
Attempts to illuminate have failed. The best education will be to see
requests for some odd URL with .EXE in the name in the error log of a
Unix box with ServerTokens None.
2. it's not required.
Right, we're getting religious about some protocol data which is not
even required and which we freely admit that people with the skills
should just go hack up the source code to remove.
3. it will dissuade folks from adopting thirdparty modules for foolish reasons,
sparing those projects to deal only with users who actually plan to take
advantage of their real features ;-)
That makes sense to me. Meanwhile, it hardly makes sense to have
somebody use a third-party module to remove some protocol data that
Apache didn't need to add in the first place.
