On 1/24/07, Richard de Vries <richard_devries@xxxxxxxxx> wrote:
> It may be a "tiny roadblock" as you put it, but it doesn't cost anything, nor does it hurt anything.
Another error there. Ask yourself: why is this header suggested in the HTTP spec anyway? It wasn't put there to give Netcraft something to sell. It was put there to aid with interoperability problems by helping to identify what software you are dealing with.

So next time a client has a problem talking to your server, it will be harder to debug where the problem is. And next time a security bug is discovered in a particular version of Apache, you won't be able to quickly scan your network to figure out what servers to block at the firewall. Etc, etc, etc.

So the benefit of removing the Server header is essentially zero, and the cost is real (if, perhaps, small).

(The real cost is the time you spent researching how to do this and configuring it, when you could have been auditing your PHP code or doing something else that would really benefit security.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
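
Added example, not part of the original message or of any Apache project code: a small triage routine showing why a suppressed Server header hampers the internal "which servers are affected?" check the reply describes. The host names, header values and the affected version range are constructed placeholders, and `classify` and `triage` are hypothetical helper names.

```python
import re

# Constructed inventory: host -> Server header value recorded by an internal
# asset scan. Hosts and values are made up for illustration.
INVENTORY = {
    "web01.internal.example": "Apache/2.0.52 (Red Hat)",
    "web02.internal.example": "Apache/2.2.3 (Unix) PHP/5.2.0",
    "web03.internal.example": "Apache",      # version suppressed
    "web04.internal.example": None,          # header removed entirely
    "app01.internal.example": "Microsoft-IIS/6.0",
}

# Placeholder affected range (inclusive); not taken from any real advisory.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 0, 58)

# Product token "Apache", optionally followed by major[.minor[.patch]].
_APACHE = re.compile(r"^Apache(?:/(\d+)(?:\.(\d+))?(?:\.(\d+))?)?(?:\s|$)")


def classify(server_header):
    """Return 'affected', 'not_affected' or 'unknown' for one header value."""
    if not server_header:
        return "unknown"          # nothing to go on: could be anything
    m = _APACHE.match(server_header)
    if m is None:
        return "not_affected"     # identifies itself as other software
    if None in m.groups():
        return "unknown"          # Apache, but the full version is hidden
    version = tuple(int(part) for part in m.groups())
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "not_affected"


def triage(inventory):
    """Group hosts by classification so a block list can be built."""
    groups = {"affected": [], "not_affected": [], "unknown": []}
    for host, header in sorted(inventory.items()):
        groups[classify(header)].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Every host in the `unknown` group has to be checked by hand before the block list is complete, which is the cost the reply refers to.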