
Bug#249628: Apache Server header contains questionable product tokens



Package: apache
Version: 1.3.26

The "Server" HTTP header returned by Debian versions of Apache looks like this (as obtained from www.debian.org for the purposes of an example):

Server: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2 DAV/1.0.3

These parse as 5 different product tokens:

1. Apache version 1.3.26
2. Debian (no version)
3. GNU version Linux
4. PHP version 4.1.2
5. DAV version 1.0.3

The "Debian" and "GNU/Linux" are the questionable bits.  While it's OK to have a product token with no version number, the GNU/Linux is especially weird to see here.

I might re-examine your branding requirements here and take a closer look at the HTTP/1.1 spec to ensure your product tokens are correct.  It might be worth considering placing these pseudo-products into the comment after the Apache product token:

Server: Apache/1.3.26 (Unix; GNU/Linux (Debian))

David
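
The token split listed in the report can be reproduced with a small parser. This is an added example, not part of the original message or of Apache; it follows the HTTP/1.1 rule that a Server value is a sequence of product tokens (`name[/version]`) and parenthesised comments, which may nest, and the function names are chosen here for illustration.

```python
import re

# Token characters per the HTTP/1.1 grammar (anything but CTLs and separators).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")

# Both header values are quoted from the report.
DEBIAN_HEADER = "Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2 DAV/1.0.3"
SUGGESTED_HEADER = "Apache/1.3.26 (Unix; GNU/Linux (Debian))"


def parse_server(value):
    """Split a Server value into ("product", name, version) and
    ("comment", text) items; raise ValueError if it does not parse."""
    items, i, n = [], 0, len(value)
    while i < n:
        ch = value[i]
        if ch in " \t":
            i += 1
        elif ch == "(":
            # Comments may nest, so track depth up to the matching ")".
            depth, j = 1, i + 1
            while j < n and depth:
                c = value[j]
                if c == "\\":      # quoted-pair: skip the escaped character
                    j += 1
                elif c == "(":
                    depth += 1
                elif c == ")":
                    depth -= 1
                j += 1
            if depth:
                raise ValueError("unterminated comment")
            items.append(("comment", value[i + 1:j - 1]))
            i = j
        else:
            m = PRODUCT.match(value, i)
            if not m:
                raise ValueError(f"bad character at offset {i}: {ch!r}")
            items.append(("product", m.group(1), m.group(2)))
            i = m.end()
    return items


def products(value):
    """Return only the (name, version) pairs, as a banner inventory would."""
    return [item[1:] for item in parse_server(value) if item[0] == "product"]
```

Run over the Debian header, `products()` reports `GNU` with version `Linux`; run over the suggested header, it reports only Apache and keeps the platform details in the comment.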
