It's been argued by others in the past, but I honestly don't see how full ServerTokens are a security risk. If you prefer not to show them, you can change it, but most bots out there don't look for what extensions you may be running before they attempt to attack you.
And, honestly, most attack vectors are through broken applications (like PHP web forums, for instance), and if you have the application running, it's pretty obvious that you're also using the language underlying that application in some form or another. -- ServerTokens Full in apache2.conf (security risk?) https://bugs.launchpad.net/bugs/205996 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
