Bug#843014: Apache2: ServerTokens Minimal

To: 843014@bugs.debian.org
Subject: Bug#843014: Apache2: ServerTokens Minimal
From: receive@sdvoijspa.tk
Date: Wed, 04 Mar 2020 21:34:12 +0100
Message-id: <[🔎] 448368015dc61212bd55098a4f396929@sdvoijspa.tk>
Reply-to: receive@sdvoijspa.tk, 843014@bugs.debian.org
References: <a1e81759-34b3-50c7-a033-0cd5cc71af35@gmx.de>

Hi there,
just would like to add my opinion.

First of all,
thank you Stefan for tagging this as "wontfix".

To be honest, for myself these tokens are essential for debuggingcustomer appliances without having access to their services. We're ableto identify their server software easily through these headers and areable to provide proper support services to them.Further they're enabling us to gather simple statistical informationthroughout our monitoring.

Further, normal users are able to gather simple information by a simplenmap scan of their server which services are running on it if they'reunexperienced in usage.Some tutorials rely on these headers and if we wouldn't have themanymore, we couldn't use them also properly anymore. Just google abitand you'll find one quite fast.


All in all, they're quite nice to have.
If anyone feels annoyed of them, they're able to turn it of.

I don't think we should remove it by default. As Stefan alreadymentioned they could be a security issue - but as a black hat you couldgather the server information anyway quite fast if youre experiencedenough.


Best wishes,
Anna Sdvoijspa

Reply to:

Prev by Date: 4276 3200 1093 6913
Next by Date: Saludos
Previous by thread: 4276 3200 1093 6913
Next by thread: Saludos
Index(es):
- Date
- Thread