Lars Eilebrecht wrote:
>
> Apart from that, it's also possible to customize the Server header by
> using mod_security which has a configuration directive for this.
My 2c, let's adopt the patch for three reasons...
1. it's an FAQ that would -go away-, less stress for our peer apache
user supporters
2. it's not required. Advertising it's not even required, the number of
installed Apache servers can be derived from the % of servers which do
advertise Apache v.s. others that allow users to hide this header, and
using that % for the server token blind installations. Clients can
default to the lowest common denominator if they aren't able to determine
what the server is doing.(*)
3. it will dissuade folks from adopting thirdparty modules for foolish reasons,
sparing those projects to deal only with users who actually plan to take
advantage of their real features ;-)
(*) and fools who -use- the 'feature' can pay the penalty for clients which
choose not to trust that the anonymous server is capable of -correctly- serving
byterange, compression or other features which conserve server load - but aren't
consistently implemented properly by all HTTP/1.1 servers ;-)
