Received: (qmail 16375 invoked by uid 2012); 10 Apr 1998 15:13:58 -0000 Message-Id: <19980410151358.16374.qmail@hyperreal.org> Date: 10 Apr 1998 15:13:58 -0000 From: Eli Marmor Reply-To: marmor@elmar.co.il To: apbugs@hyperreal.org Subject: No OS name in SERVER_VERSION - 1.3 must have, because now Apache is multi-platform X-Send-Pr-Version: 3.2 >Number: 2056 >Category: protocol >Synopsis: No OS name in SERVER_VERSION - 1.3 must have, because now Apache is multi-platform >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: change-request >Submitter-Id: apache >Arrival-Date: Fri Apr 10 08:20:00 PDT 1998 >Last-Modified: Thu May 7 04:26:08 PDT 1998 >Originator: marmor@elmar.co.il >Organization: >Release: 1.3 >Environment: All >Description: Well, it is not really a bug... but I think it is going to be important, beginning by 1.3: SERVER_VERSION (defined in httpd.h) contains the server name which is returned in the header given to clients. This header helps to know what web server and operating system are run by the site, and brought netcraft to rate Apache as the leading web server, with more installations than all the rest, TOGETHER. In addition, since Apache was available (before 1.3) only under UNIX, NCSA the same, MS-IIS only under NT/95, etc., netcraft could ESTIMATE the percent of UNIX sites, NT/95 sites, MAC sites, etc. (well, the headers of Netscape servers didn't tell anything about the operating system, but you could still have a good estimation by the other web-servers). Beginning by Apache 1.3, this becomes impossible. Since Apache 1.3 (and up) will be available for NT/95 (as well as UNIX and OS/2), it will not be possible to do these surveys, and an important source for information will be missed. In addition, having the numbers of NT/95 installations of Apache vs. UNIX installations etc., will allow us to know where to focus the efforts of developing Apache. My "wish": Please add (before the final 1.3!) the name of the operating system (or at least "UNIX" / "NT" / "OS/2") to the definition of SERVER_VERSION. >How-To-Repeat: By requesting the following from any Apache server: HEAD / HTTP/1.0 >Fix: Of course: Insert the SERVER_VERSION definition in httpd.h into "#ifdef"s per each platform, and mention the OS name in each definition (e.g. "UNIX", "NT/95", "OS/2) >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: coar State-Changed-When: Mon Apr 13 17:35:59 PDT 1998 State-Changed-Why: We're giving this some serious consideration. The last time it came up we decided not to do it because of the exposure - identifying the server as "Windows NT" or "NetBSD" might provide a cracker with hints the webmaster would rather weren't available. Even just limiting it to the OS type (e.g., "UNIX", "Win32", "OS/2", ...) is a little problematical. The functionality may be provided as controllable via compile-time option. Stay tuned.. State-Changed-From-To: analyzed-closed State-Changed-By: coar State-Changed-When: Thu May 7 04:26:08 PDT 1998 State-Changed-Why: This will be possible with the AddVersionPlatform directive, which should be available in the next release after 1.3b6. Thanks for reporting this, and for using Apache! >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]