Skip to content

Disable Server Signature #23

Closed
askmatey opened this Issue Jul 16, 2012 · 3 comments

2 participants

@askmatey

This is a request for a Cherokee enhancement...

In Cherokee Admin:

General Settings > Server Tokens (pull down)

Provide a field for NONE.

Have Cherokee feed back a blank server identification or do not send field
at all if NONE is set.

@skinkie
Cherokee Project member
skinkie commented Jul 16, 2012

This has nothing to do with security. A patch that implements this can be found here:

skinkie@1d6ff06

@skinkie skinkie closed this Jul 16, 2012
@askmatey

Of course it does - it gives me the ability, to prevent my servers from any sniffing bots. They need to go harder !

@skinkie
Cherokee Project member
skinkie commented Jul 16, 2012

Like Alvaro commented: there are numerous ways to fingerprint a webserver. This is security by obscurity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.