On Fri, 16 Aug 2002, Hector A. Paterno wrote: > Hi, I have found a discrepancy between mod_auth and ServerTokens Prod. > Using, openbsd CURRENT , apache 1.3.26, as the example: > I add the following line to the httpd.conf file : > ServerTokens Prod > So, when I try to get the version/modules of apache with the HEAD > method, I obtain as a reply only the type of the server : > HEAD / HTTP/1.0\r\n\r\n > [info] > Server: Apache > [info] > But , when I enable mod_auth and try to access the protected directory > with an invalid username / password, I obtain the following errror : > 401 Authorization Required > [bleh bleh info] > Apache/1.3.26 Server at xxxxx Port 80 > Giving me the version of the apache server. > I'm not an apache guru, but from from my point of view this seems to be a > flaw(?) in the mod_auth module. > Comments appreciated.
This is a misconfiguration. See also the ServerSignature directive. --Cliff -------------------------------------------------------------- Cliff Woolley [EMAIL PROTECTED] Apache Software Foundation
