- From: David Morris <dwm@xpasc.com>
- Date: Thu, 1 Mar 2007 21:02:03 -0800 (PST)
- cc: Nicolas Krebs <nicolas1.krebs3@netcourrier.com>, <ietf-http-wg@w3.org>
It is worth noting that it is sometimes not advisable to provide details in the Server: field. Crackers are known to use this information to identify vulnerabilities unique to the HTTP server or host OS based on version information.

On Fri, 2 Mar 2007, Henrik Nordstrom wrote:

> On Fri 2007-03-02 at 00:21 +0100, Nicolas Krebs wrote:
> > I wish to know which data are allowed in Server: header-field (HTTP 1.1).
> > May I put in an HTTP response "Server: Apache Plone Zope Python" ?
>
> Yes, if you like to. But you should try to make sure to use the official
> names for each product, possibly with a /version component.
>
> > Does "the software used by the origin server to handle the request" include or
> > allow each software involved in the answer ?
>
> You may add tokens for any software component you consider may be
> significantly relevant for how the request was processed and the answer
> was generated.
>
> The main reason for publishing software details like this is to allow the
> server software to be identified, making it easier to diagnose problems.
>
> Regards
> Henrik
Received on Friday, 2 March 2007 05:02:13 UTC