From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Description of problem:
The Header and RequestHeader directives fail to set the server header to the required value. For example, with the ServerTokens directive set to 'OS' and with the following entries

Header unset Server
Header set Server "myApache"
RequestHeader unset Server
RequestHeader set Server "myApache"

should "shield" the version of the http server and simply serve "myApache" whenever a request from netcraft.com or port80software.com tools comes in. However, it fails to do so. It did work correctly under the previous RH8 x86 running httpd-2.0.40 with the exact previous settings.

Version-Release number of selected component (if applicable):
httpd-2.0.40-26.ent

How reproducible:
Always

Steps to Reproduce:
1. Edit the httpd.conf file and insert

Header unset Server
Header set Server "myApache"
RequestHeader unset Server
RequestHeader set Server "myApache"

2. Make sure that the ServerTokens is set to 'OS' and NOT to 'Prod'.
3. Check your server headers with a tool called 'servermask' from http://www.port80software.com/support/p80tools. It should say "myApache" instead of the generic Red Hat Apache 2.0.46.

Actual Results:
Header check tools identify our headers as the stock ones bundled with RHEL 3.0.

Expected Results:
It should set the Server token to the correct token given by the directive Header set Server "myApache".

Additional info:
I had the same config file with the 3 following directives running on rh8.0 with apache 2.0.40

ServerTokens OS
Header unset Server
Header set Server "myApache"
RequestHeader unset Server
RequestHeader set Server "myApache"

and whenever I did a check on the headers it correctly reported as being served from a machine running "myApache". Now someone reported that 2.0.47 indeed fails on fedora 1 also but it runs well on 2.0.48 also on fedora.

Thanks for the report. It is actually the intended behaviour that modules are not allowed to change the Server header; this rule was relaxed in earlier versions of httpd-2.0 by mistake. The Server header cannot be overridden in this way from httpd-2.0.48 and later; the httpd package in RHEL also includes the fix. You can use "ServerTokens Prod" to configure simply "Server: Apache" if you do not wish to reveal the OS or httpd version in that string.
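
A way to check what the Server header discloses after changing ServerTokens, as an added example that is not part of the original report or reply: it parses a captured response and maps the header value to the ServerTokens level that produces that shape. The level names other than OS and Prod follow the Apache httpd documentation, and the sample responses (including the exact "Apache/2.0.46 (Red Hat)" string) are constructed.

```python
import re

# Server header shape for each ServerTokens level, per the Apache httpd
# documentation (the page itself names only OS and Prod). Most specific first.
LEVELS = [
    ("Full",  r"Apache/\d+\.\d+\.\d+ \([^)]+\)(?: \S+)+"),
    ("OS",    r"Apache/\d+\.\d+\.\d+ \([^)]+\)"),
    ("Min",   r"Apache/\d+\.\d+\.\d+"),
    ("Minor", r"Apache/\d+\.\d+"),
    ("Major", r"Apache/\d+"),
    ("Prod",  r"Apache"),
]
# What a client learns from the header at each level.
DISCLOSES = {
    "Full": ["version", "os", "modules"], "OS": ["version", "os"],
    "Min": ["version"], "Minor": ["version"], "Major": ["version"],
    "Prod": [],
}

def server_header(raw):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def classify(value):
    """Map a Server value to a ServerTokens level, 'other', or 'absent'."""
    if value is None:
        return "absent"
    for level, pattern in LEVELS:
        if re.fullmatch(pattern, value):
            return level
    return "other"                               # not a stock Apache string

def audit(raw):
    """Return (header value, level, list of disclosed details)."""
    value = server_header(raw)
    level = classify(value)
    return value, level, DISCLOSES.get(level, [])

def _resp(server):                               # constructed sample response
    return b"HTTP/1.1 200 OK\r\nServer: " + server + b"\r\nContent-Length: 0\r\n\r\n"

SAMPLES = [_resp(b"Apache/2.0.46 (Red Hat)"), _resp(b"Apache"), _resp(b"myApache")]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit(raw))
```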