You can clone with
I am web-project developer. Recently I am working for the project using yaws as the http server for a bank！
According to security, my customer hope that wo would clear yaws version info away from http header. Sometimes the leak of the info like it can make the system vulnerable to attack. The same as ohter web server(tomcat,weblogic), Yaws should supply some fields to control it in the profile.However， I spend almost one day to find in the profile、instruction even code of Yaws. Unfortunately，I got nothing！
Do I still need to find the fields? Do The Yaws provides the fields?
I know ! Yaws 1.92 can support the fields in the profile. Now, I am busy to update yaws from version 1.88 to version 1.92!
Correct. If you set the server_signature global configuration variable, you can control what is returned in the "Server" HTTP response header.
A commit yesterday also added the ability to set server_signature on a per-virtual-server level as well as at the global level.
As you say, wo can pass the problem like this. But for Yaws-1.88, I had to change the code (yaws_generated.complete),then configure && make again! However I knwow whether this can cause some side effect！
For Yaws 1.88, I recommend just changing the code in src/yaws.erl around line 1364. The code there looks like this:
["Server: Yaws/", yaws_generated:version(), " Yet Another Web Server\r\n" |
Change that to:
["Server: Yaws (Yet Another Web Server)\r\n" |
or something equally as suitable.