Powered by mod_perl

Here's a quick and easy way for you to advertise your use of mod_perl.

Add this to your Apache conf.

Header add X-Powered-By mod_perl/2.0

You should be able to add it to any appropriate section or directive. I added it right below "ServerTokens Prod".


I wonder who will be detecting this header? Btw, I recently had to turn off X-Powered-By: PHP on my Debian servers because some vulnerability scanner picks the PHP upstream version from this header and (unaware about Debian patch version) insists that the servers are vulnerable due to PHP version being smaller than the rexommended one.

In general, it's not a great idea volunteering too much extra information to potentially misbehaved folks. At a minimum, the following two directives should be present in the apache2.conf file:

ServerSignature Off
ServerTokens Prod

Leave a comment

About Jesse Thompson

user-pic I blog about Perl.