From 099e61ebdc50558ac452ea0a7ebd2cc5e931b5d8 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Fri, 6 Jun 2003 02:48:55 +0000 Subject: [PATCH] Don't respect the Server header field as set by modules and CGIs. As with 1.3, for proxy requests any such field is from the origin server; otherwise it will have our server info as controlled by the ServerTokens directive. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100182 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ modules/http/http_protocol.c | 9 ++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 262f529991..14ec0bbbb3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) Don't respect the Server header field as set by modules and CGIs. + As with 1.3, for proxy requests any such field is from the origin + server; otherwise it will have our server info as controlled by + the ServerTokens directive. [Jeff Trawick] + *) Fix some broken log messages in WinNT MPM. [Juan Rivera ] diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 0e2ec4b7d3..61cb7f6eea 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -1299,10 +1299,13 @@ static void basic_http_header(request_rec *r, apr_bucket_brigade *bb, h.bb = bb; form_header_field(&h, "Date", date); - /* keep a previously set server header (possibly from proxy), otherwise + /* keep the set-by-proxy server header, otherwise * generate a new server header */ - if ((server = apr_table_get(r->headers_out, "Server")) != NULL) { - form_header_field(&h, "Server", server); + if (r->proxyreq != PROXYREQ_NONE) { + server = apr_table_get(r->headers_out, "Server"); + if (server) { + form_header_field(&h, "Server", server); + } } else { form_header_field(&h, "Server", ap_get_server_version()); -- 2.50.1