>On Wed, 2 May 2001, Richard Chen wrote:
>
> On Wed, May 02, 2001 at 03:22:51PM +0100, Matt Sergeant wrote:
> > On Wed, 2 May 2001, Mark Maunder wrote:
> >
> > > You can get the server string in the header down to a minimum (Just 'Apache')
> > > by putting
> > > ServerTokens ProductOnly
> > > on your httpd.conf. (Only supported after 1.3.12)
> > > You can then use ap_add_version_component (C API) to add stuff after that.
> >
> > Right, but the problem is you can't do this after module initialization
> > (which is where mod_perl adds it's bits), but the PerlModule's are loaded
> > after that time, so you can't do it from Perl, at least not without a
> > major re-design of the mod_perl internals. You can't even do it from XS
> > loaded from Perl, because of that reason.
> >
>
> That is right, modperl cannot do this. I guess we have
> to live with certain limitations of modperl. However, I just
> found out that it is trivial to change this Server header to
> whatever you want by changing just a single line in the apache
> source file http_main.c:
>
> API_EXPORT(const char *) ap_get_server_version(void)
> {
> return (server_version ? server_version : SERVER_BASEVERSION);
> }
>
> Just replace the return statement above with
>
> return "My Customized Web Server";
I found the following to work better, I tried the same fix as above and it
caused a few problems with 1.3.17:
API_EXPORT(const char *) ap_get_server_version(void)
{
strcpy(server_version, "My Mod_perl Server");
return (server_version ? server_version : SERVER_BASEVERSION);
}
--
[EMAIL PROTECTED]
http://www.kplworks.com/
>
> and rebuild your new httpd. I have even tried this on the
> old stronghold server running apache 1.3.6 and it worked.
> Since the apache source is always available, this customization
> is not a big deal.
>
> The reason I wanted to do this was not to let people find out
> (not easily that is) what we are running so that they cannot
> exploit known security holes of the past version.
>
> Richard Chen
>
