Re: [PATCH 40026] ServerTokens Off

Fri, 11 Aug 2006 08:59:05 -0700 

Sebastian Nohn wrote:

> I'd like to propose these patches for inclusion:
> 
>  http://www.nohn.org/blog/uploads/servertokens_off.patch
>  http://www.nohn.org/blog/uploads/servertokens_off_documentation.patch

Patches are now attached by request.

I'm looking forward for your comments.

Sebastian


diff -ru httpd-2.0.58/modules/http/http_protocol.c 
httpd-2.0.58.new/modules/http/http_protocol.c
--- httpd-2.0.58/modules/http/http_protocol.c   2006-04-24 19:12:21.000000000 
+0200
+++ httpd-2.0.58.new/modules/http/http_protocol.c       2006-07-23 
17:53:01.000000000 +0200
@@ -1280,12 +1280,15 @@
         }
     }
     else {
-        form_header_field(&h, "Server", ap_get_server_version());
+        char *server_version = ap_get_server_version();
+        if (server_version[0] != '\0') {
+            form_header_field(&h, "Server", ap_get_server_version());
+        }
     }
 
     /* unset so we don't send them again */
     apr_table_unset(r->headers_out, "Date");        /* Avoid bogosity */
-    apr_table_unset(r->headers_out, "Server");
+    apr_table_unset(r->headers_out, "Server"); 
 }
 
 AP_DECLARE(void) ap_basic_http_header(request_rec *r, apr_bucket_brigade *bb)
diff -ru httpd-2.0.58/server/core.c httpd-2.0.58.new/server/core.c
--- httpd-2.0.58/server/core.c  2006-04-24 19:12:21.000000000 +0200
+++ httpd-2.0.58.new/server/core.c      2006-07-23 17:07:38.000000000 +0200
@@ -2436,7 +2436,8 @@
     SrvTk_MINIMAL,      /* eg: Apache/2.0.41 */
     SrvTk_OS,           /* eg: Apache/2.0.41 (UNIX) */
     SrvTk_FULL,         /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */
-    SrvTk_PRODUCT_ONLY  /* eg: Apache */
+    SrvTk_PRODUCT_ONLY, /* eg: Apache */
+    SrvTk_OFF           /* eg: Nothing at all */
 };
 static enum server_token_type ap_server_tokens = SrvTk_FULL;
 
@@ -2491,7 +2492,10 @@
  */
 static void ap_set_version(apr_pool_t *pconf)
 {
-    if (ap_server_tokens == SrvTk_PRODUCT_ONLY) {
+    if (ap_server_tokens == SrvTk_OFF) {
+        ap_add_version_component(pconf, "");
+    }
+    else if (ap_server_tokens == SrvTk_PRODUCT_ONLY) {
         ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT);
     }
     else if (ap_server_tokens == SrvTk_MINIMAL) {
@@ -2540,6 +2544,9 @@
     else if (!strcasecmp(arg, "Prod") || !strcasecmp(arg, "ProductOnly")) {
         ap_server_tokens = SrvTk_PRODUCT_ONLY;
     }
+    else if (!strcasecmp(arg, "Off") ) {
+        ap_server_tokens = SrvTk_OFF;
+    }
     else {
         ap_server_tokens = SrvTk_FULL;
     }

diff -ru docs/conf/httpd-std.conf.in docs.new/conf/httpd-std.conf.in
--- docs/conf/httpd-std.conf.in 2006-07-23 18:02:40.000000000 +0200
+++ docs.new/conf/httpd-std.conf.in     2006-07-23 18:10:07.000000000 +0200
@@ -520,8 +520,9 @@
 # This directive configures what you return as the Server HTTP response
 # Header. The default is 'Full' which sends information about the OS-Type
 # and compiled in modules.
-# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod | Off
+# where Full conveys the most information, and Prod the least. Off will display
+# no information at all.
 #
 ServerTokens Full
 
Only in docs.new/conf: httpd-std.conf.in~
diff -ru docs/conf/httpd-win.conf docs.new/conf/httpd-win.conf
--- docs/conf/httpd-win.conf    2006-07-23 18:02:40.000000000 +0200
+++ docs.new/conf/httpd-win.conf        2006-07-23 18:06:02.000000000 +0200
@@ -446,8 +446,9 @@
 # This directive configures what you return as the Server HTTP response
 # Header. The default is 'Full' which sends information about the OS-Type
 # and compiled in modules.
-# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod | Off
+# where Full conveys the most information, and Prod the least. Off will
+# display no information at all.
 #
 ServerTokens Full
 
Only in docs.new/conf: httpd-win.conf~
diff -ru docs/manual/mod/core.xml docs.new/manual/mod/core.xml
--- docs/manual/mod/core.xml    2006-07-23 18:03:16.000000000 +0200
+++ docs.new/manual/mod/core.xml        2006-07-23 18:08:23.000000000 +0200
@@ -2792,7 +2792,7 @@
 <name>ServerTokens</name>
 <description>Configures the <code>Server</code> HTTP response
 header</description>
-<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
+<syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full|Off</syntax>
 <default>ServerTokens Full</default>
 <contextlist><context>server config</context></contextlist>
 
@@ -2832,6 +2832,10 @@
 
       <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.0.41
       (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
+
+      <dt><code>ServerTokens Off</code></dt>
+
+      <dd>Server does not send a <code>Server</code> header</dd>
     </dl>
 
     <p>This setting applies to the entire server, and cannot be
Only in docs.new/manual/mod: core.xml~

Reply via email to