I think the doors were opened up too far with this fix, which was apparently intended to respect Server as set by the origin server for a proxy request:

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/http/http_protocol.c.diff?r1=1.399&r2=1.400

Attached is an alternate, which matches 1.3 AFAICT. I need to test it with proxy to make sure proxyreq is set properly, but I have at least confirmed that a CGI script can't decide what Server we should report.

Any concerns before I test further and commit?
Index: modules/http/http_protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v
retrieving revision 1.469
diff -u -r1.469 http_protocol.c
--- modules/http/http_protocol.c        9 May 2003 21:37:55 -0000       1.469
+++ modules/http/http_protocol.c        5 Jun 2003 20:31:10 -0000
@@ -1299,10 +1299,13 @@
     h.bb = bb;
     form_header_field(&h, "Date", date);
 
-    /* keep a previously set server header (possibly from proxy), otherwise
+    /* keep the set-by-proxy server header, otherwise
      * generate a new server header */
-    if ((server = apr_table_get(r->headers_out, "Server")) != NULL) {
-        form_header_field(&h, "Server", server);
+    if (r->proxyreq) {
+        server = apr_table_get(r->headers_out, "Server");
+        if (server) {
+            form_header_field(&h, "Server", server);
+        }
     }
     else {
         form_header_field(&h, "Server", ap_get_server_version());
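
Review bot: In the new `if (r->proxyreq)` branch, a proxied response whose headers_out carries no Server entry is now sent with no Server header at all, because the `else` pairs with the outer `r->proxyreq` test rather than with the inner `if (server)`. The comment above it still reads "otherwise generate a new server header", which no longer describes that case. If omitting the header for proxied responses is intended, reword the comment to say so; if not, give the inner `if (server)` its own fallback to ap_get_server_version().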
