From 6eba61501011365450f62c69b32e7e7724814a76 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Ritschard Date: Thu, 22 Mar 2007 20:08:19 +0000 Subject: remove default output of version numbers to silence confused auditing programs. prompted by deraadt@ and cloder@, ok cloder@, henning@, xsa@ --- usr.sbin/httpd/conf/httpd.conf | 11 +++++++++-- usr.sbin/httpd/src/main/http_main.c | 6 +++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf index 450f1c0f265..519f6012dd6 100644 --- a/usr.sbin/httpd/conf/httpd.conf +++ b/usr.sbin/httpd/conf/httpd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: httpd.conf,v 1.19 2006/02/22 15:07:12 henning Exp $ +# $OpenBSD: httpd.conf,v 1.20 2007/03/22 20:08:18 pyr Exp $ # # Based upon the NCSA server configuration files originally by Rob McCool. # @@ -48,6 +48,13 @@ # ServerType standalone +# +# ServerTokens is either Full, OS, Minimal, or ProductOnly. +# The values define what version information is returned in the +# Server header in HTTP responses. +# +# ServerTokens ProductOnly + # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. @@ -573,7 +580,7 @@ CustomLog logs/access_log common # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # -ServerSignature On +# ServerSignature Off # # Aliases: Add here as many aliases as you need (with no limit). The format is diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c index 778cc734e86..76048076b81 100644 --- a/usr.sbin/httpd/src/main/http_main.c +++ b/usr.sbin/httpd/src/main/http_main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: http_main.c,v 1.45 2006/07/28 14:07:22 henning Exp $ */ +/* $OpenBSD: http_main.c,v 1.46 2007/03/22 20:08:18 pyr Exp $ */ /* ==================================================================== * The Apache Software License, Version 1.1 
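Review bot: The comment block added at `@@ -48,6 +48,13 @@` lists the four ServerTokens values but does not say which one applies while the directive stays commented out, nor what the values expose. Because the same commit changes the compiled-in default in http_main.c to `SrvTk_PRODUCT_ONLY`, I would add a line such as `# The default is ProductOnly, which omits the version number from the Server header.` Scanners that key on the banner will no longer see a version, so the patch level has to be confirmed from the installed release instead.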
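Review bot: In the `@@ -573,7 +580,7 @@` hunk the active `ServerSignature On` becomes the commented line `# ServerSignature Off`, so the effective setting now depends on the built-in default, which this diff does not show; presumably it is Off. The surrounding comment still reads as if the line below it were a live setting, so I would add `# The default is Off; uncomment and set to On or EMail to enable it.` Installed configuration files that still carry `ServerSignature On` are not touched by this change and keep their current behaviour until an administrator edits them.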
@@ -295,7 +295,7 @@ static char *server_version = NULL; static int version_locked = 0; /* Global, alas, so http_core can talk to us */ -enum server_token_type ap_server_tokens = SrvTk_FULL; +enum server_token_type ap_server_tokens = SrvTk_PRODUCT_ONLY; /* Also global, for http_core and http_protocol */ API_VAR_EXPORT int ap_protocol_req_check = 1; @@ -310,7 +310,7 @@ API_VAR_EXPORT int ap_change_shmem_uid = 0; static void reset_version(void *dummy) { version_locked = 0; - ap_server_tokens = SrvTk_FULL; + ap_server_tokens = SrvTk_PRODUCT_ONLY; server_version = NULL; } -- cgit v1.2.3
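Review bot: The new default `SrvTk_PRODUCT_ONLY` is written twice, in the initializer of `ap_server_tokens` at `@@ -295,7 +295,7 @@` and again in `reset_version()` at `@@ -310,7 +310,7 @@`, and nothing ties the two together, so a later change to one can leave the other behind. A single named default would make the pairing explicit, for example `#define DEFAULT_SERVER_TOKENS SrvTk_PRODUCT_ONLY` (a suggested name) used in both places. Failing that, a comment on the global such as `/* default withholds the version from the Server header; must match reset_version() */` would record both the intent and the dependency.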