Hi! When checking a Servers reply to a HEAD request, I found, that the "Server: " line contained some bytes from the apache config (part of a rewrite rule). When saving the config with just commenting out the rewrite rule, other things appeared in the Server header, e.g. "RealPlayer 4\.0 (the corresponding line in the default config says: BrowserMatch "RealPlayer 4\.0" force-response-1.0). Sometimes there are hex bytes in it, so it leaks from the memory, not from the file directly. To reproduce, do this: tar xfvz httpd-2.0.61.tar.gz cd httpd-2.0.61 ./configure --prefix=/opt/apache2 --enable-rewrite --enable-so --enable-ssl && make && make install cd /opt/apache2/conf curl -O http://ge.mine.nu/httpd.conf modify the file so that it fits to your IP config! Then: /opt/apache2/bin/apachectl start printf "HEAD / HTTP/1.1\r\nhost: www.f00bar.de\r\nConnection: close\r\n\r\n" | nc 192.168.0.75 80 There might be some hex bytes in the output. [root@e6600 ~]# printf "HEAD / HTTP/1.1\r\nhost: www.f00bar.de\r\nConnection: close\r\n\r\n" | nc 192.168.0.75 80 | xxd 0000000: 4854 5450 2f31 2e31 2033 3031 204d 6f76 HTTP/1.1 301 Mov 0000010: 6564 2050 6572 6d61 6e65 6e74 6c79 0d0a ed Permanently.. 0000020: 4461 7465 3a20 5468 752c 2031 3720 4a61 Date: Thu, 17 Ja 0000030: 6e20 3230 3038 2031 323a 3439 3a34 3220 n 2008 12:49:42 0000040: 474d 540d 0a53 6572 7665 723a 2041 7061 GMT..Server: Apa 0000050: 6368 652f 322e 302e 3631 2028 556e 6978 che/2.0.61 (Unix 0000060: 2920 6d6f 645f 7373 6c2f 322e 302e 3631 ) mod_ssl/2.0.61 0000070: 20e8 d319 0888 d919 08f0 300b 08a0 8406 .........0..... 0000080: 0866 6f72 6365 2d72 6573 706f 6e73 652d .force-response- 0000090: 312e 300d 0a4c 6f63 6174 696f 6e3a 202f 1.0..Location: / 00000a0: 6465 2f0d 0a43 6f6e 6e65 6374 696f 6e3a de/..Connection: 00000b0: 2063 6c6f 7365 0d0a 436f 6e74 656e 742d close..Content- 00000c0: 5479 7065 3a20 7465 7874 2f68 746d 6c3b Type: text/html; 00000d0: 2063 6861 7273 6574 3d69 736f 2d38 3835 charset=iso-885 00000e0: 392d 310d 0a0d 0a 9-1.... IMPORTANT! If you cannot reproduce this (sometimes even a 1 char change in the config makes this behaviour disapper or get you a completely different line!), use 192.168.0.75 temporarily, or just add/remove some blank lines from httpd.conf. It WILL work, I've reproduced this behaviour on 2 Systems, one of them SLES9 SP3 i386 and one is a Gentoo System with latest patches.
This was already fixed in 2.0.63, which will be available in a few days. *** This bug has been marked as a duplicate of 43334 ***