Am 12.08.2012 23:07, schrieb Nick Kew: > On Sun, 12 Aug 2012 22:25:37 +0200 > Reindl Harald <[email protected]> wrote: > >> HTTP/1.1 404 Not Found on Accelerator >> >> is there a way to replace this response-header with >> a STANDARD "HTTP/1.1 404 Not Found"? >> >> why in the world does software make service.-fingerprinting >> so easy while the backend-server is comletly obfuscated? > > Don't know why. But the response messages are completely at > the discretion of the server, so it would be perverse but not > a violation to say "404 Forbidden" or "404 I love you". > > You can change the string in proxy/http/HttpTransact.cc
wouldn't it bee good to change this upstream to "HTTP/1.1 404 Not Found"? this way a client/vulnerable scanner does not know with the first response that Trafficserver is used as long proxy.config.http.response_server_enabled is set to 0
signature.asc
Description: OpenPGP digital signature
