Hi, I have found a discrepancy between mod_auth and ServerTokens Prod. Using, openbsd CURRENT , apache 1.3.26, as the example: I add the following line to the httpd.conf file : ServerTokens Prod So, when I try to get the version/modules of apache with the HEAD method, I obtain as a reply only the type of the server : HEAD / HTTP/1.0\r\n\r\n [info] Server: Apache [info] But , when I enable mod_auth and try to access the protected directory with an invalid username / password, I obtain the following errror : 401 Authorization Required [bleh bleh info] Apache/1.3.26 Server at xxxxx Port 80 Giving me the version of the apache server. I'm not an apache guru, but from from my point of view this seems to be a flaw(?) in the mod_auth module. Comments appreciated. Best Regards. -- Hector A. Paterno Digital Security Networks S.A. Mail : apaterno@dsnargentina.com.ar Fido : 4:901/343.5 pub 1024D/C1F2348C 2001-12-04 Hector A. Paterno <apaterno@dsnargentina.com.ar> Key Fingerprint : D741 154E 5CA0 C446 1A7B 4750 0469 0BEB C1F2 348C Key ID : 0xC1F2348C ( pgp.mit.edu )
