Lars Eilebrecht wrote: > > According to Jim Jagielski: > > > I didn't propose this to create (yet another) heated discussion, > > too late ;) > > > > simply to suggest that we take ServerTokens to its logical > > conclusion based on some requests I've seen. :) > > Sorry, but I don't see this as the logical conclusion of > the ServerTokens directive. > Being able to manage what third-party modules put in the > server header is one thing, but changing the header to > an arbitrary think does not seem logical to me, nor is > it a security feature. >
ServerTokens allows more than just the removal of the module descriptions. For what other "reason" does the ability to go from Apache/2.0.49-dev (Unix) to Apache/2.0.49-dev to Apache/2.0 to Apache/2 to Apache provide rather than ways to "obscure" "relative" information about this specific build of Apache? Certainly Admins do this because "I don't want people to know what specific version of Apache I'm using". I'm not really as Pro this "enhancement" as it may seem :) -- =========================================================================== Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "A society that will trade a little liberty for a little order will lose both and deserve neither" - T.Jefferson