On Wed, May 02, 2001 at 03:22:51PM +0100, Matt Sergeant wrote:
> On Wed, 2 May 2001, Mark Maunder wrote:
>
> > You can get the server string in the header down to a minimum (Just 'Apache')
> > by putting
> > ServerTokens ProductOnly
> > on your httpd.conf. (Only supported after 1.3.12)
> > You can then use ap_add_version_component (C API) to add stuff after that.
>
> Right, but the problem is you can't do this after module initialization
> (which is where mod_perl adds it's bits), but the PerlModule's are loaded
> after that time, so you can't do it from Perl, at least not without a
> major re-design of the mod_perl internals. You can't even do it from XS
> loaded from Perl, because of that reason.
>
That is right, modperl cannot do this. I guess we have
to live with certain limitations of modperl. However, I just
found out that it is trivial to change this Server header to
whatever you want by changing just a single line in the apache
source file http_main.c:
API_EXPORT(const char *) ap_get_server_version(void)
{
return (server_version ? server_version : SERVER_BASEVERSION);
}
Just replace the return statement above with
return "My Customized Web Server";
and rebuild your new httpd. I have even tried this on the
old stronghold server running apache 1.3.6 and it worked.
Since the apache source is always available, this customization
is not a big deal.
The reason I wanted to do this was not to let people find out
(not easily that is) what we are running so that they cannot
exploit known security holes of the past version.
Richard Chen
