On Sep 25, 2012, at 6:22 PM, Daniel Ruggeri <[email protected]> wrote:
> > On the flip side, giving this information out in http headers could be > dangerous. Taking httpd out of the equation, this has pretty wide > implications. This is true, and that's why I'm not suggesting that httpd, or any backend at all, default to producing these headers. In a "typical" reverse proxy situation, I assume that the admin of the proxy also admins (at least to some extent) the backends, and so he/she would only enable these headers on backends they know are being proxied. Also, the front-end on accepting the headers from the backend would /dev/null them, so that this info would never "leak" to the external world. At least, that's the scenario I'm working towards...
