According to Sebastian Nohn: > I personally think, "ego" is a bad reason for constricting people.
This has nothing to do with "ego". In my opinion it is more than appropriate to put a "label" in the form of the Server header onto the Apache HTTP Server. For example, if I buy a car I can usually order it without the exact type information/logos added to the car, but I just cannot order it without any logo of the manufacturer itself. For offering such an option with Apache I've only seen two arguments: 1. Making the server more secure by not revealing any (or fake) server information. 2. Saving bandwidth. Well, when we've had similar discussions in the past they were usually about argument No. 1, but the consensus was always that a security-by-obscurity feature in Apache does not make sense. Saving bandwidth is a valid point, but as I already pointed out in my previous email, it is only relevant to a very very tiny fraction of Apache users. Those users who run a high-traffic web site usually use self-compiled, or customized versions of Apache anyway, and for them it's easy to modify the code themselves to get rid of the Server header. Apart from that, it's also possible to customize the Server header by using mod_security which has a configuration directive for this. ciao... -- Lars Eilebrecht [EMAIL PROTECTED]
