authorPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-03-22 20:08:19 +0000
committerPierre-Yves Ritschard <pyr@cvs.openbsd.org>2007-03-22 20:08:19 +0000
commit6eba61501011365450f62c69b32e7e7724814a76 (patch)
tree296e0f59e9aaa9555c51667dd80c9e66dd7361c5
parente78121ae1c5ec31894835d605b12c68cfebbf7d1 (diff)
remove default output of version numbers to silence confused auditing
programs. prompted by deraadt@ and cloder@, ok cloder@, henning@, xsa@
-rw-r--r--usr.sbin/httpd/conf/httpd.conf11
-rw-r--r--usr.sbin/httpd/src/main/http_main.c6
2 files changed, 12 insertions, 5 deletions
diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf
index 450f1c0f265..519f6012dd6 100644
--- a/usr.sbin/httpd/conf/httpd.conf
+++ b/usr.sbin/httpd/conf/httpd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: httpd.conf,v 1.19 2006/02/22 15:07:12 henning Exp $
+# $OpenBSD: httpd.conf,v 1.20 2007/03/22 20:08:18 pyr Exp $
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
@@ -49,6 +49,13 @@
ServerType standalone
#
+# ServerTokens is either Full, OS, Minimal, or ProductOnly.
+# The values define what version information is returned in the
+# Server header in HTTP responses.
+#
+# ServerTokens ProductOnly
+
+#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
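Review bot: The new ServerTokens comment lists the four accepted values but does not say which one applies while the directive stays commented out. The http_main.c part of this commit makes `SrvTk_PRODUCT_ONLY` the compiled-in value, so the block could end with a line such as `# The default is ProductOnly.` An administrator who relies on the banner for inventory or patch tracking then knows that the version has to be set explicitly or read from the package database. The ServerRoot comment that follows continues outside the hunk.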
@@ -573,7 +580,7 @@ CustomLog logs/access_log common
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
-ServerSignature On
+# ServerSignature Off
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
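Review bot: The commented-out `# ServerSignature Off` only has the intended effect if the compiled-in default is Off, and nothing visible in this commit shows that default. If it is Off, the comment above the directive should say so, e.g. `# The default is Off.` after the `On | Off | EMail` line. Sites that upgrade keep their existing httpd.conf, so a `ServerSignature On` carried over from the old sample stays active. The footer presumably follows the new ServerTokens default in that case, but this is worth confirming and mentioning in the upgrade notes. The comment block starts above the hunk.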
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
index 778cc734e86..76048076b81 100644
--- a/usr.sbin/httpd/src/main/http_main.c
+++ b/usr.sbin/httpd/src/main/http_main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_main.c,v 1.45 2006/07/28 14:07:22 henning Exp $ */
+/* $OpenBSD: http_main.c,v 1.46 2007/03/22 20:08:18 pyr Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -295,7 +295,7 @@ static char *server_version = NULL;
static int version_locked = 0;
/* Global, alas, so http_core can talk to us */
-enum server_token_type ap_server_tokens = SrvTk_FULL;
+enum server_token_type ap_server_tokens = SrvTk_PRODUCT_ONLY;
/* Also global, for http_core and http_protocol */
API_VAR_EXPORT int ap_protocol_req_check = 1;
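Review bot: The default token level is now written out twice, in the initializer of `ap_server_tokens` here and again in `reset_version()` in the hunk at line 310, and the two have to be kept equal by hand. If they drift, whatever runs `reset_version()` would quietly restore a different banner level from the one the server started with. That is presumably a configuration re-read, but the caller is not visible here. A single named default used at both sites would keep them in step, e.g. `#define DEFAULT_SERVER_TOKENS SrvTk_PRODUCT_ONLY`; the name is only a suggestion.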
@@ -310,7 +310,7 @@ API_VAR_EXPORT int ap_change_shmem_uid = 0;
static void reset_version(void *dummy)
{
version_locked = 0;
- ap_server_tokens = SrvTk_FULL;
+ ap_server_tokens = SrvTk_PRODUCT_ONLY;
server_version = NULL;
}