If I recall correctly, the part of the core responsible for adding the HTTP header "Server:" is:

    /* keep the set-by-proxy server header, otherwise
     * generate a new server header */
    if (r->proxyreq != PROXYREQ_NONE) {
        server = apr_table_get(r->headers_out, "Server");
        if (server) {
            form_header_field(&h, "Server", server);
        }
    }
    else {
        form_header_field(&h, "Server", ap_get_server_version());
    }

It does not look at the type of proxyreq (PROXYREQ_PROXY, PROXYREQ_REVERSE or PROXYREQ_RESPONSE), so if httpd is configured as a proxy, if I'm not mistaken about this part of the code, and if you use mod_header, you can change this "Server:" too. (Yes, I'm too lazy to do the test right now.)

2006/8/3, William A. Rowe, Jr. <[EMAIL PROTECTED]>:
François wrote:
>
>> If the response is being forwarded through a proxy, the proxy application
>> MUST NOT modify the Server response-header.
>
> I think that if you configure your httpd in a [reverse] proxy mode,
> mod_header allows you to modify "Server:", so it is not a problem if a
> new directive allows users to change this, as it could already be
> modified with an existing module.

If you mean, in a "reverse" proxy mode, you are right.  A reverse proxy
deliberately doesn't follow the RFC, it's transparent, and would be entirely
appropriate to modify any headers as if this machine were the origin server.

But not in the case of "forward" proxy mode - that's what the RFC spelled out.





--
*Francois Pesce*
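
The branch quoted in this message, modelled as an added example (not httpd source and not code from either poster), next to a stricter variant that separates forward from reverse proxying as the reply describes. `struct model_req`, `core_server_header`, `strict_server_header` and the sample strings are assumptions made for illustration; only the PROXYREQ_* names come from the thread, and their numeric values here are arbitrary.

```c
#include <stdio.h>
#include <string.h>

/* Names from the thread; the numeric values are arbitrary for this model. */
enum { PROXYREQ_NONE, PROXYREQ_PROXY, PROXYREQ_REVERSE, PROXYREQ_RESPONSE };

/* Constructed stand-in for the request fields the quoted snippet reads. */
struct model_req {
    int proxyreq;
    const char *upstream_server;    /* Server value sent by the backend, or NULL */
    const char *headers_out_server; /* value left in headers_out by modules, or NULL */
};

/* Mirrors the quoted branch: every proxied request keeps whatever is in
 * headers_out, and only non-proxied requests get the generated banner.
 * Returns NULL when no Server header would be emitted. */
const char *core_server_header(const struct model_req *r, const char *banner)
{
    if (r->proxyreq != PROXYREQ_NONE)
        return r->headers_out_server;
    return banner;
}

/* Hypothetical stricter policy following the RFC sentence quoted in the
 * thread: a forward proxy passes the backend's value through unmodified. */
const char *strict_server_header(const struct model_req *r, const char *banner)
{
    if (r->proxyreq == PROXYREQ_PROXY)
        return r->upstream_server;
    return core_server_header(r, banner);
}

int main(void)
{
    const char *names[] = { "NONE", "PROXY", "REVERSE", "RESPONSE" };
    for (int t = PROXYREQ_NONE; t <= PROXYREQ_RESPONSE; t++) {
        /* Constructed case: backend sent "backend/1.0", a module rewrote it. */
        struct model_req r = { t, "backend/1.0", "rewritten" };
        const char *a = core_server_header(&r, "Apache");
        const char *b = strict_server_header(&r, "Apache");
        printf("%-8s core=%s strict=%s\n", names[t],
               a ? a : "(none)", b ? b : "(none)");
    }
    return 0;
}
```

In the model, the two functions differ only for PROXYREQ_PROXY, which is the one case the reply says the RFC forbids modifying.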
