On 9/1/06, Joe Orton <[EMAIL PROTECTED]> wrote:
On Wed, Aug 30, 2006 at 09:18:02AM -0400, Jeff Trawick wrote:
> ... so that ServerTokens doesn't affect what gets logged to the error
> log at startup (or any other place where we want the description of
> the server instead of the banner to be written over the network).
>
> This patch axes ap_get_server_version() so that third-party modules
> will be forced to make a choice in post-2.2.x versions -- call
> ap_get_server_banner() to retrieve the string suitable for sending
> over the network (as controlled by ServerTokens) or call
> ap_get_server_description() to retrieve the string that describes the
> server version and certain plug-in modules.
Looks good to me.
> I haven't actually changed the returned strings with this patch, but
> instead would like to see any comments on the direction. The two
> functions are present and all httpd code has been modified to call the
> proper function, which is also subject to a useful review. What about
> status pages? Is the server version and module configuration somehow
> more private than the status page itself, such that they should use
> ap_get_server_banner() as in the current patch?
I'd agree with Sebastian here, the mod_status output should just use the
more descriptive version, if you are revealing the server state in such
detail you certainly have nothing to hide.
Thanks to both for commenting and to Sebastian for carrying the patch
further. I'll play with Sebastian's logic to return the proper
strings with the plan to commit (but still no ServerTokens None at
that point).
