author | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-03-22 20:08:19 +0000 |
---|---|---|
committer | Pierre-Yves Ritschard <pyr@cvs.openbsd.org> | 2007-03-22 20:08:19 +0000 |
commit | 6eba61501011365450f62c69b32e7e7724814a76 (patch) | |
tree | 296e0f59e9aaa9555c51667dd80c9e66dd7361c5 | |
parent | e78121ae1c5ec31894835d605b12c68cfebbf7d1 (diff) |
remove default output of version numbers to silence confused auditing
programs.
prompted by deraadt@ and cloder@, ok cloder@, henning@, xsa@
-rw-r--r-- | usr.sbin/httpd/conf/httpd.conf | 11 | ||||
-rw-r--r-- | usr.sbin/httpd/src/main/http_main.c | 6 |
2 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf index 450f1c0f265..519f6012dd6 100644 --- a/usr.sbin/httpd/conf/httpd.conf +++ b/usr.sbin/httpd/conf/httpd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: httpd.conf,v 1.19 2006/02/22 15:07:12 henning Exp $ +# $OpenBSD: httpd.conf,v 1.20 2007/03/22 20:08:18 pyr Exp $ # # Based upon the NCSA server configuration files originally by Rob McCool. # @@ -49,6 +49,13 @@ ServerType standalone # +# ServerTokens is either Full, OS, Minimal, or ProductOnly. +# The values define what version information is returned in the +# Server header in HTTP responses. +# +# ServerTokens ProductOnly + +# # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # @@ -573,7 +580,7 @@ CustomLog logs/access_log common # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # -ServerSignature On +# ServerSignature Off # # Aliases: Add here as many aliases as you need (with no limit). The format is diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index 778cc734e86..76048076b81 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http_main.c,v 1.45 2006/07/28 14:07:22 henning Exp $ */ +/* $OpenBSD: http_main.c,v 1.46 2007/03/22 20:08:18 pyr Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 @@ -295,7 +295,7 @@ static char *server_version = NULL; static int version_locked = 0; /* Global, alas, so http_core can talk to us */ -enum server_token_type ap_server_tokens = SrvTk_FULL; +enum server_token_type ap_server_tokens = SrvTk_PRODUCT_ONLY; /* Also global, for http_core and http_protocol */ API_VAR_EXPORT int ap_protocol_req_check = 1; 
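Review bot: The added ServerTokens comment in the @@ -49 hunk lists the four values but does not say which one applies while the directive stays commented out, so the sample file does not show that `# ServerTokens ProductOnly` is the built-in default rather than a suggested change. I would add a line such as `# The default is ProductOnly; the other values add version and OS detail.` The same gap is in the @@ -573 hunk, where the active `ServerSignature On` became `# ServerSignature Off` and the comment block above it (only partly visible here) lists `On | Off | EMail` without naming the default, which is presumably Off. It is also worth stating in the comment that this only changes what the server advertises, so patch level has to be tracked from the installed system and not from the banner.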
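Review bot: The new default `SrvTk_PRODUCT_ONLY` is written out twice, in the `ap_server_tokens` initializer in the @@ -295 hunk and again in `reset_version()` in the @@ -310 hunk, so a later edit to one site can leave the other behind and the Server header would then differ before and after a reset. A single named default used at both sites avoids that, for example `#define SERVER_TOKENS_DEFAULT SrvTk_PRODUCT_ONLY` (name is a suggestion). The existing comment above the variable could also record the intent: `/* Defaults to ProductOnly so no version is sent unless ServerTokens asks for it */`. Other code that prints the version string lies outside these hunks and should be checked against the same default.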
@@ -310,7 +310,7 @@ API_VAR_EXPORT int ap_change_shmem_uid = 0; static void reset_version(void *dummy) { version_locked = 0; - ap_server_tokens = SrvTk_FULL; + ap_server_tokens = SrvTk_PRODUCT_ONLY; server_version = NULL; } |