Lars Eilebrecht wrote: > > Apart from that, it's also possible to customize the Server header by > using mod_security which has a configuration directive for this.
My 2c, let's adopt the patch for three reasons... 1. it's an FAQ that would -go away-, less stress for our peer apache user supporters 2. it's not required. Advertising it's not even required, the number of installed Apache servers can be derived from the % of servers which do advertise Apache v.s. others that allow users to hide this header, and using that % for the server token blind installations. Clients can default to the lowest common denominator if they aren't able to determine what the server is doing.(*) 3. it will dissuade folks from adopting thirdparty modules for foolish reasons, sparing those projects to deal only with users who actually plan to take advantage of their real features ;-) (*) and fools who -use- the 'feature' can pay the penalty for clients which choose not to trust that the anonymous server is capable of -correctly- serving byterange, compression or other features which conserve server load - but aren't consistently implemented properly by all HTTP/1.1 servers ;-)