Re: modify Server header via a handler
On Tue, 8 May 2001, Doug MacEachern wrote:

> On Wed, 2 May 2001, Matt Sergeant wrote:
>
> > Right, but the problem is you can't do this after module initialization
> > (which is where mod_perl adds its bits), but the PerlModule's are loaded
> > after that time, so you can't do it from Perl, at least not without a
> > major re-design of the mod_perl internals. You can't even do it from XS
> > loaded from Perl, because of that reason.
>
> wha? major re-design?? PerlModules are loaded during module init.
> with this patch, i can call this from startup.pl:
> Apache::add_version_component("Foo/1.1");

Hmm, my experiments with an almost exact same patch (but localised into
AxKit) didn't work when called from the BEGIN block in AxKit.xs. Oddness.

--
    /||    ** Founder and CTO  **  **   http://axkit.com/     **
   //||    **  AxKit.com Ltd   **  ** XML Application Serving **
  // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
     \\//
     //\\
    //  \\
Re: modify Server header via a handler
On Wed, 2 May 2001, Matt Sergeant wrote:

> Right, but the problem is you can't do this after module initialization
> (which is where mod_perl adds its bits), but the PerlModule's are loaded
> after that time, so you can't do it from Perl, at least not without a
> major re-design of the mod_perl internals. You can't even do it from XS
> loaded from Perl, because of that reason.

wha? major re-design?? PerlModules are loaded during module init.
with this patch, i can call this from startup.pl:

Apache::add_version_component("Foo/1.1");

% HEAD http://localhost:8529/
200 OK
Connection: close
Date: Tue, 08 May 2001 15:13:12 GMT
Server: Apache/1.3.20-dev (Unix) mod_perl/1.25_01-dev Perl/v5.7.1 Foo/1.1
Content-Type: text/html
Client-Date: Tue, 08 May 2001 15:13:12 GMT
Client-Peer: 127.0.0.1:8529

--- src/modules/perl/Apache.xs~ Tue May 8 08:03:23 2001 +++ src/modules/perl/Apache.xs Tue May 8 08:09:31 2001 @@ -371,6 +371,13 @@ BOOT: items = items; /*avoid warning*/ +void +add_version_component(name) +const char *name + +CODE: +ap_add_version_component(name); + const char * current_callback(r) Apache r
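Review bot: the new add_version_component(name) XSUB hands name to ap_add_version_component() unchecked and undocumented. The accompanying message only shows it working from startup.pl, and the quoted objection is that components cannot be added after module initialization, so the function should carry a comment or POD entry saying it is meant to be called at startup, and it would be worth rejecting an empty name before it reaches the server.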
Re: modify Server header via a handler
On Wed, 2 May 2001, Larry Leszczynski wrote:

> Hi Matt -
>
> > Actually I lied! It is possible, though only from XS. I just added a
> > module_init section to AxKit's config directives, and now I get:
> >
> > # HEAD http://axkit.org/ | grep Server
> > Server: Apache/1.3.17 (Unix) AxKit (1.3_96) mod_perl/1.25
>
> Now you just need the Netcraft folks to start scanning for AxKit :-)
>
> Could you share the code you used to do this?

Yep, it'll be in AxKit 1.4 ;-)

--
    /||    ** Founder and CTO  **  **   http://axkit.com/     **
   //||    **  AxKit.com Ltd   **  ** XML Application Serving **
  // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
     \\//
     //\\
    //  \\
Re: modify Server header via a handler
Hi Matt -

> Actually I lied! It is possible, though only from XS. I just added a
> module_init section to AxKit's config directives, and now I get:
>
> # HEAD http://axkit.org/ | grep Server
> Server: Apache/1.3.17 (Unix) AxKit (1.3_96) mod_perl/1.25

Now you just need the Netcraft folks to start scanning for AxKit :-)

Could you share the code you used to do this?

Thanks!
Larry Leszczynski
[EMAIL PROTECTED]
Re: modify Server header via a handler
On Wed, 2 May 2001, Richard Chen wrote:

> On Wed, May 02, 2001 at 03:22:51PM +0100, Matt Sergeant wrote:
> > On Wed, 2 May 2001, Mark Maunder wrote:
> >
> > > You can get the server string in the header down to a minimum (Just 'Apache')
> > > by putting
> > > ServerTokens ProductOnly
> > > on your httpd.conf. (Only supported after 1.3.12)
> > > You can then use ap_add_version_component (C API) to add stuff after that.
> >
> > Right, but the problem is you can't do this after module initialization
> > (which is where mod_perl adds its bits), but the PerlModule's are loaded
> > after that time, so you can't do it from Perl, at least not without a
> > major re-design of the mod_perl internals. You can't even do it from XS
> > loaded from Perl, because of that reason.
> >
>
> That is right, modperl cannot do this. I guess we have
> to live with certain limitations of modperl.

Actually I lied! It is possible, though only from XS. I just added a
module_init section to AxKit's config directives, and now I get:

# HEAD http://axkit.org/ | grep Server
Server: Apache/1.3.17 (Unix) AxKit (1.3_96) mod_perl/1.25

Neato!

--
    /||    ** Founder and CTO  **  **   http://axkit.com/     **
   //||    **  AxKit.com Ltd   **  ** XML Application Serving **
  // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
     \\//
     //\\
    //  \\
Re: modify Server header via a handler
>On Wed, 2 May 2001, Richard Chen wrote:
>
> On Wed, May 02, 2001 at 03:22:51PM +0100, Matt Sergeant wrote:
> > On Wed, 2 May 2001, Mark Maunder wrote:
> >
> > > You can get the server string in the header down to a minimum (Just 'Apache')
> > > by putting
> > > ServerTokens ProductOnly
> > > on your httpd.conf. (Only supported after 1.3.12)
> > > You can then use ap_add_version_component (C API) to add stuff after that.
> >
> > Right, but the problem is you can't do this after module initialization
> > (which is where mod_perl adds its bits), but the PerlModule's are loaded
> > after that time, so you can't do it from Perl, at least not without a
> > major re-design of the mod_perl internals. You can't even do it from XS
> > loaded from Perl, because of that reason.
> >
>
> That is right, modperl cannot do this. I guess we have
> to live with certain limitations of modperl. However, I just
> found out that it is trivial to change this Server header to
> whatever you want by changing just a single line in the apache
> source file http_main.c:
>
> API_EXPORT(const char *) ap_get_server_version(void)
> {
>     return (server_version ? server_version : SERVER_BASEVERSION);
> }
>
> Just replace the return statement above with
>
> return "My Customized Web Server";

I found the following to work better, I tried the same fix as above and it
caused a few problems with 1.3.17:

API_EXPORT(const char *) ap_get_server_version(void)
{
    /* unbounded copy into the buffer server_version points at,
       done before the NULL test below */
    strcpy(server_version, "My Mod_perl Server");
    return (server_version ? server_version : SERVER_BASEVERSION);
}

--
[EMAIL PROTECTED]
http://www.kplworks.com/

>
> and rebuild your new httpd. I have even tried this on the
> old stronghold server running apache 1.3.6 and it worked.
> Since the apache source is always available, this customization
> is not a big deal.
>
> The reason I wanted to do this was not to let people find out
> (not easily that is) what we are running so that they cannot
> exploit known security holes of the past version.
>
> Richard Chen
>
Re: modify Server header via a handler
On Wed, May 02, 2001 at 03:22:51PM +0100, Matt Sergeant wrote:
> On Wed, 2 May 2001, Mark Maunder wrote:
>
> > You can get the server string in the header down to a minimum (Just 'Apache')
> > by putting
> > ServerTokens ProductOnly
> > on your httpd.conf. (Only supported after 1.3.12)
> > You can then use ap_add_version_component (C API) to add stuff after that.
>
> Right, but the problem is you can't do this after module initialization
> (which is where mod_perl adds its bits), but the PerlModule's are loaded
> after that time, so you can't do it from Perl, at least not without a
> major re-design of the mod_perl internals. You can't even do it from XS
> loaded from Perl, because of that reason.
>

That is right, modperl cannot do this. I guess we have
to live with certain limitations of modperl. However, I just
found out that it is trivial to change this Server header to
whatever you want by changing just a single line in the apache
source file http_main.c:

API_EXPORT(const char *) ap_get_server_version(void)
{
    return (server_version ? server_version : SERVER_BASEVERSION);
}

Just replace the return statement above with

return "My Customized Web Server";

and rebuild your new httpd. I have even tried this on the
old stronghold server running apache 1.3.6 and it worked.
Since the apache source is always available, this customization
is not a big deal.

The reason I wanted to do this was not to let people find out
(not easily that is) what we are running so that they cannot
exploit known security holes of the past version.

Richard Chen
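The aim stated in the message above is to keep the Server header from revealing what is running. As an added example (not code from the thread or from Apache), this C function tallies which parts of a Server value carry a version or a platform comment, so the result of a ServerTokens setting or a source change can be checked; the function names are hypothetical and the sample value is the header quoted in the thread.

```c
#include <stdio.h>

/* Tally what a Server header value discloses, reading it as product
 * tokens "name[/version]" with optional "(comment)" parts. Returns the
 * number of product tokens; *versioned and *comments receive the counts. */
int audit_server_header(const char *value, int *versioned, int *comments)
{
    const char *p = value;
    int products = 0;
    *versioned = 0;
    *comments = 0;
    while (*p) {
        while (*p == ' ' || *p == '\t') p++;          /* skip separators */
        if (*p == '\0') break;
        if (*p == '(') {                              /* e.g. "(Unix)" */
            int depth = 0;
            do {
                if (*p == '(') depth++;
                else if (*p == ')') depth--;
                p++;
            } while (*p && depth > 0);                /* stops at end if unclosed */
            (*comments)++;
            continue;
        }
        int has_version = 0;                          /* e.g. "mod_perl/1.25" */
        products++;
        for (; *p && *p != ' ' && *p != '\t' && *p != '('; p++)
            if (*p == '/' && p[1] && p[1] != ' ' && p[1] != '\t')
                has_version = 1;
        *versioned += has_version;
    }
    return products;
}

/* 1 if the value gives away any version or platform detail, else 0. */
int discloses_detail(const char *value)
{
    int v, c;
    audit_server_header(value, &v, &c);
    return (v + c) > 0;
}

int main(void)
{
    /* Header value quoted in the thread's opening message. */
    const char *h = "Apache/1.3.19 (Unix) mod_perl/1.25 mod_ssl/2.8.1 OpenSSL/0.9.6";
    int v, c, n = audit_server_header(h, &v, &c);
    printf("%d products, %d with versions, %d comments\n", n, v, c);
    return 0;
}
```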
Re: modify Server header via a handler
On Wed, 2 May 2001, Mark Maunder wrote:

> You can get the server string in the header down to a minimum (Just 'Apache')
> by putting
> ServerTokens ProductOnly
> on your httpd.conf. (Only supported after 1.3.12)
> You can then use ap_add_version_component (C API) to add stuff after that.

Right, but the problem is you can't do this after module initialization
(which is where mod_perl adds its bits), but the PerlModule's are loaded
after that time, so you can't do it from Perl, at least not without a
major re-design of the mod_perl internals. You can't even do it from XS
loaded from Perl, because of that reason.

--
    /||    ** Founder and CTO  **  **   http://axkit.com/     **
   //||    **  AxKit.com Ltd   **  ** XML Application Serving **
  // ||    ** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
     \\//
     //\\
    //  \\
Re: modify Server header via a handler
You can get the server string in the header down to a minimum (Just 'Apache')
by putting
ServerTokens ProductOnly
on your httpd.conf. (Only supported after 1.3.12)
You can then use ap_add_version_component (C API) to add stuff after that.

IMHO you should at least mention 'Apache' and 'mod_perl' in the header so we
look good on netcraft.

Or if you must, you can change the whole thing in the src, I think it's
src/include/httpd.h

~mark.

Alistair Mills wrote:

> >On Tue, 1 May 2001, will trillich wrote:
> >
> > On Tue, May 01, 2001 at 12:10:34PM -0700, Randal L. Schwartz wrote:
> > > > "newsreader" == newsreader <[EMAIL PROTECTED]> writes:
> > >
> > > newsreader> randal s. posted a way to do that
> > > newsreader> sometime back. search for it in
> > > newsreader> the archive. his stonehenge
> > > newsreader> website apparently uses the same trick.
> > >
> > > If he's already doing it in the fixup phase, that's where I'm doing it
> > > too, so that's probably not going to work.
> >
> > is it actually possible via perl?
> >
> > according to doug at
> > http://www.geocrawler.com/archives/3/182/1997/6/0/1014229/
> > we shouldn't get our hopes up.
> >
>
> I struggled to find a way of sending out a custom server response using
> Perl.
>
> Instead I went into the Apache source to get it to print out a
> non-standard server Apache response - I'm sure there might be an easier
> way though?
>
> --
> [EMAIL PROTECTED]
> http://www.kplworks.com/
>
> > --
> > [EMAIL PROTECTED]
> > http://sourceforge.net/projects/newbiedoc -- we need your brain!
> > http://www.dontUthink.com/ -- your brain needs us!
> >

--
Mark Maunder
[EMAIL PROTECTED]
http://swiftcamel.com/

Try not. Do. Or do not. There is no try.
~yoda
Re: modify Server header via a handler
>On Tue, 1 May 2001, will trillich wrote:
>
> On Tue, May 01, 2001 at 12:10:34PM -0700, Randal L. Schwartz wrote:
> > > "newsreader" == newsreader <[EMAIL PROTECTED]> writes:
> >
> > newsreader> randal s. posted a way to do that
> > newsreader> sometime back. search for it in
> > newsreader> the archive. his stonehenge
> > newsreader> website apparently uses the same trick.
> >
> > If he's already doing it in the fixup phase, that's where I'm doing it
> > too, so that's probably not going to work.
>
> is it actually possible via perl?
>
> according to doug at
> http://www.geocrawler.com/archives/3/182/1997/6/0/1014229/
> we shouldn't get our hopes up.
>

I struggled to find a way of sending out a custom server response using
Perl.

Instead I went into the Apache source to get it to print out a
non-standard server Apache response - I'm sure there might be an easier
way though?

--
[EMAIL PROTECTED]
http://www.kplworks.com/

> --
> [EMAIL PROTECTED]
> http://sourceforge.net/projects/newbiedoc -- we need your brain!
> http://www.dontUthink.com/ -- your brain needs us!
>
Re: modify Server header via a handler
On Tue, May 01, 2001 at 12:10:34PM -0700, Randal L. Schwartz wrote:
> > "newsreader" == newsreader <[EMAIL PROTECTED]> writes:
>
> newsreader> randal s. posted a way to do that
> newsreader> sometime back. search for it in
> newsreader> the archive. his stonehenge
> newsreader> website apparently uses the same trick.
>
> If he's already doing it in the fixup phase, that's where I'm doing it
> too, so that's probably not going to work.

is it actually possible via perl?

according to doug at
http://www.geocrawler.com/archives/3/182/1997/6/0/1014229/
we shouldn't get our hopes up.

--
[EMAIL PROTECTED]
http://sourceforge.net/projects/newbiedoc -- we need your brain!
http://www.dontUthink.com/ -- your brain needs us!
Re: modify Server header via a handler
> "newsreader" == newsreader <[EMAIL PROTECTED]> writes:

newsreader> randal s. posted a way to do that
newsreader> sometime back. search for it in
newsreader> the archive. his stonehenge
newsreader> website apparently uses the same trick.

If he's already doing it in the fixup phase, that's where I'm doing it
too, so that's probably not going to work.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: modify Server header via a handler
randal s. posted a way to do that
sometime back. search for it in
the archive. his stonehenge
website apparently uses the same trick.

On Tue, May 01, 2001 at 02:51:14PM -0400, Richard Chen wrote:
> I would like to customize or suppress the Server header
> from the modperl server responses such as this:
>
> Server: Apache/1.3.19 (Unix) mod_perl/1.25 mod_ssl/2.8.1 OpenSSL/0.9.6
>
> I thought I could simply set up a Fixup handler to do this:
>
> package NoServerInfo;
> use Apache::Constants qw(:common);
> sub handler {
>     my $r=shift;
>     $r->header_out(Server => 'Foo Bar');
>     return OK;
> }
> 1;
>
> But this does not seem to work. Is there some kind of restriction
> about this particular header in modperl? Without modifying
> the source code, is there a way to customize this Server header field?
>
> Thanks for any info
>
> Richard
RE: modify Server header via a handler
> -----Original Message-----
> From: Richard Chen [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 01, 2001 2:51 PM
> To: [EMAIL PROTECTED]
> Subject: modify Server header via a handler
>
>
> I would like to customize or suppress the Server header
> from the modperl server responses such as this:

see the ServerTokens directive for toning down the response header.

>
> Server: Apache/1.3.19 (Unix) mod_perl/1.25 mod_ssl/2.8.1 OpenSSL/0.9.6
>
> I thought I could simply set up a Fixup handler to do this:
>
> package NoServerInfo;
> use Apache::Constants qw(:common);
> sub handler {
>     my $r=shift;
>     $r->header_out(Server => 'Foo Bar');
>     return OK;
> }
> 1;
>
> But this does not seem to work. Is there some kind of restriction
> about this particular header in modperl? Without modifying
> the source code, is there a way to customize this Server header field?

nope... there is an archive of a similar discussion if you look back a year
or so.

changing the Apache source code for this isn't too hard. Whether you want to
do this (and ignore your proper Apache/mod_perl roots) is another matter ;)

--Geoff