Hi, I recently patched my debian apache server source to add a new ServerToken value, ServerToken=Hide, which will remove the Server, Date, and Last-Modified headers (to make server identification a little more difficult (yes I know this is bad for proxies, if that's a big deal we can just have it remove the Server: header, that's probably all most people would expect anyway)). I had to patch the server instead of using mod_headers because these headers get added *after* the last module is called (or so it appears).
I made my changes to debian's apache_1.3.27-0.1_i386 source package. Anyhow, I'm curious if the httpd project would be interested in a change like this, and if so what the best way to submit these patches would be? Sorry to be such a n00b... TIA, Phil Brass Senior Security Consultant Internet Security Systems