Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache 2.4.3 overrides IE10 do-not-track setting |
|
| Author |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
 Posted: Sat 08 Sep '12 19:37 Post subject: Apache 2.4.3 overrides IE10 do-not-track setting |
 |
|
Some Buzz around about Do Not Track (DNT) and IE10,
see CNET: http://news.cnet.com/8301-1023_3-57508351-93/apache-web-software-overrides-ie10-do-not-track-setting/
From the Changelog of Apache 2.4.3:
*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
removing DNT from requests by MSIE 10.0 because it deliberately violates
the current specification of DNT semantics for HTTP. [Roy T. Fielding]
Microsoft's new browser IE10 is set by default to tell advertisers not to track user behavior on the Web, but now Apache 2.4.3 has become a new obstacle to that Microsoft approach.
The following is added to the httpd.conf in 2.4.3 to bypass DNT: | Code: | # Deal with user agents that deliberately violate open standards
#
<IfModule setenvif_module>
BrowserMatch "MSIE 10.0;" bad_DNT
</IfModule>
<IfModule headers_module>
RequestHeader unset DNT env=bad_DNT
</IfModule> |
By removing this lines in httpd.conf there is no bypass.
So if you do want that your users protection/privacy is not bypassed by Apache 2.4.3 remove that lines.
Steffen |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Mon 10 Sep '12 18:06 Post subject: |
|
|
There is a discussion if that patch is against EU law. Let's wait and see  |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Wed 12 Sep '12 2:50 Post subject: |
|
|
| Hope this will be fixed at apache 2.4.4 at asf |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Wed 12 Sep '12 3:57 Post subject: |
|
|
maskego, it's a change in the config, in httpd.conf. You can fix yourself by removing the lines shown above. If you did not redo your config from 2.4.1 or 2, chances are you do not have it in the first place. If mod_headers isn't loaded, it's not taking effect. Last but not least, it only affects IE10.
I think there's a little sensationalism in the CNET article. Does the config change just because the version upgrades from Maj.Min.Revision to Maj.Min.Rev+1? I do not know about Linux but on Windows it doesn't.
| CNET wrote: | | As a result of the Apache update, Web servers using the software will ignore DNT settings for people using IE10. |
CNET makes it sound like every Apache out there on the web is going to start doing it that day, which is not so.
Personally, I'm all for DNT and having it "On" by default. Do I think it will work to begin with .... no, there's no way to enforce it is being adhered to by the people wanting to do the tracking. You just have to have faith it is .. and in this day and age that's pretty foolish.
I agree that Apache shouldn't be the spec police, but it has been in other areas for some time now and that probably will not change anytime soon.
I'd be curious to know how many people here are using IE10 since Windows 8 Retail has not been released to the general public yet and I do not see them pushing me to upgrade to IE10 yet either. Microsoft has 2 months to figure it out and fix it on their end (eg. Asking every user separately what they want it set to). I hope they do this because if they do not, the trackers are just going to ignore the DNT across the board. |
|
| Back to top |
|
maskego
Joined: 16 Apr 2010
Posts: 238
|
| Posted: Wed 12 Sep '12 7:18 Post subject: |
|
|
| yep.I remove those lines from httpd.conf. |
|
| Back to top |
|
|
|
|
|
|
