mod_sesehe SEcure SErver HEader 1.0 review

Download
by rbytes.net on

mod_sesehe SEcure SErver HEader is an Apache module that disguise or remove "Server: " HTTP header. The ServerTokens directive curre

License: The Apache License 2.0
File size: 6K
Developer: Francois Pesce
0 stars award from rbytes.net

mod_sesehe SEcure SErver HEader is an Apache module that disguise or remove "Server: " HTTP header.

The ServerTokens directive currently can at best be set to Prod, which will cause apache to return "Apache" as Server header. Some problem still occurs:
First, the level of security by obscurity of this directive is not acceptable by some people that just want to change it to some other value, without re-compiling Apache, or people that even want to simply drop the "Server: " header. Secondly, if apache is configured as a reverse proxy, and a malformed request is received, then it will display its own server token instead of the backend one, so we need to handle error response header.

I developed this tiny module by hijacking normal behavior of (reverse) proxy feature of Apache : i.e. even if a request is not a proxy request, I tag it as if it was, to make Apache core let me do what I want with this header.

Requirements:
Apache

mod_sesehe SEcure SErver HEader 1.0 search tags