Jeff Trawick wrote: > > We're up to two great answers to disable some output from the server > that isn't required by the HTTP protocol anyway: > > 1) modify the source > 2) install third-party module >
Well, as you recall, I voted +1 on the patch. My concern is that others have concerns (and there is a veto on the table as well). If there were no other options for people who wished to disable the Server header, then maybe the drive would be stronger to make it part of ServerTokens. But there are other options... IIRC, being able to remove Server was a major mod_security selling point. -- =========================================================================== Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "If you can dodge a wrench, you can dodge a ball."
