+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
On 08/21/2006 12:34 AM, Lars Eilebrecht wrote:
For offering such an option with Apache I've only seen two arguments:
1. Making the server more secure by not revealing any (or fake)
server information.
2. Saving bandwidth.
Well, when we've had similar discussions in the past
On 8/21/06, Ruediger Pluem [EMAIL PROTECTED] wrote:
Not that I want to use it, but I am just curious about which one that could be.
I know that you can hide the presence of mod_security itself from the server
header
ModSecurity does not advertise itself in the Server header, at least
not any
On Mon, Aug 21, 2006 at 12:34:55AM +0200, Lars Eilebrecht wrote:
Well, when we've had similar discussions in the past they were
usually about argument No. 1, but the consensus was always that
a security-by-obscurity feature in Apache does not make sense.
+1 - looking at the number of IIS
Mads Toftum wrote:
+1 - looking at the number of IIS targeted worms that keep hitting my
apache installs seem to suggest that obscuring the server name will at
most lead to a false sense of security. Besides, if you really care, I'm
pretty sure it wouldn't be all that hard to guess what server
2006/8/21, Ivan Ristic [EMAIL PROTECTED]:
but I do not know how to remove the Server header completly with mod_security.
It is not possible to remove the Server header completely. ModSecuritycan only change it to something else. But I guess one could write anoutput filter to remove it. In fact, I
Hi Jon,
Thanks for letting me know that this issue wont be seen on HPUX. I'll check with the orginal fix that Jeff suggested.
Regards,
PradeepOn 8/20/06, Jon Snow [EMAIL PROTECTED] wrote:
Pradeep,HP-UX will not be affected by the SSL card issue as it was SUN hardware/driverissue that caused the