Bug#249628: Apache Server header contains questionable product tokens
Package: apache
Version: 1.3.26
The "Server" HTTP header returned by Debian versions of Apache looks like this (as obtained from www.debian.org for the purposes of an example):
Server: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2 DAV/1.0.3
These parse as 5 different product tokens:
1. Apache version 1.3.26
2. Debian (no version)
3. GNU version Linux
4. PHP version 4.1.2
5. DAV version 1.0.3
The "Debian" and "GNU/Linux" are the questionable bits. While it's OK to have a product token with no version number, the GNU/Linux is especially weird to see here.
I might re-examine your branding requirements here and take a closer look at the HTTP/1.1 spec to ensure your product tokens are correct. It might be worth considering placing these pseudo-products into the comment after the Apache product token:
Server: Apache/1.3.26 (Unix; GNU/Linux (Debian))
David
Reply to: