nginx 0.5.34 *) Change: now the full request line instead of URI only is written to error_log. *) Feature: Cygwin compatibility. Thanks to Vladimir Kutakov. *) Feature: the "merge_slashes" directive. *) Feature: the "gzip_vary" directive. *) Feature: the "server_tokens" directive. *) Feature: the "access_log" directive may be used inside the "limit_except" block. *) Bugfix: if the $server_protocol was used in FastCGI parameters and a request line length was near to the "client_header_buffer_size" directive value, then nginx issued an alert "fastcgi: the request record is too big". *) Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS server, then nginx returned usual response. *) Bugfix: URL double escaping in a redirect of the "msie_refresh" directive; bug appeared in 0.5.28. *) Bugfix: a segmentation fault might occur in worker process if subrequests were used. *) Bugfix: the big responses may be transferred truncated if SSL and gzip were used. *) Bugfix: compatibility with mget. *) Bugfix: nginx did not unescape URI in the "include" SSI command. *) Bugfix: the segmentation fault was occurred on start or while reconfiguration if variable was used in the "charset" or "source_charset" directives. *) Bugfix: nginx returned the 400 response on requests like "GET http://www.domain.com HTTP/1.0". Thanks to James Oakley. *) Bugfix: a segmentation fault occurred in worker process if $date_local and $date_gmt were used outside the ngx_http_ssi_filter_module. *) Bugfix: a segmentation fault might occur in worker process if debug log was enabled. Thanks to Andrei Nigmatulin. *) Bugfix: ngx_http_memcached_module did not set $upstream_response_time. Thanks to Maxim Dounin. *) Bugfix: a worker process may got caught in an endless loop, if the memcached was used.

--- a/src/http/ngx_http_header_filter_module.c
+++ b/src/http/ngx_http_header_filter_module.c
@@ -45,7 +45,8 @@ ngx_module_t  ngx_http_header_filter_mod
 };
 
 
-static char ngx_http_server_string[] = "Server: " NGINX_VER CRLF;
+static char ngx_http_server_string[] = "Server: nginx" CRLF;
+static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
 
 
 static ngx_str_t ngx_http_status_lines[] = {
@@ -237,8 +238,11 @@ ngx_http_header_filter(ngx_http_request_
         len += ngx_http_status_lines[status].len;
     }
 
+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
     if (r->headers_out.server == NULL) {
-        len += sizeof(ngx_http_server_string) - 1;
+        len += clcf->server_tokens ? sizeof(ngx_http_server_full_string) - 1:
+                                     sizeof(ngx_http_server_string) - 1;
     }
 
     if (r->headers_out.date == NULL) {
@@ -268,8 +272,6 @@ ngx_http_header_filter(ngx_http_request_
         len += sizeof("Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT" CRLF) - 1;
     }
 
-    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
     if (r->headers_out.location
         && r->headers_out.location->value.len
         && r->headers_out.location->value.data[0] == '/')
@@ -365,8 +367,16 @@ ngx_http_header_filter(ngx_http_request_
     *b->last++ = CR; *b->last++ = LF;
 
     if (r->headers_out.server == NULL) {
-        b->last = ngx_cpymem(b->last, ngx_http_server_string,
-                             sizeof(ngx_http_server_string) - 1);
+        if (clcf->server_tokens) {
+            p = (u_char *) ngx_http_server_full_string;
+            len = sizeof(ngx_http_server_full_string) - 1;
+
+        } else {
+            p = (u_char *) ngx_http_server_string;
+            len = sizeof(ngx_http_server_string) - 1;
+        }
+
+        b->last = ngx_cpymem(b->last, p, len);
     }
 
     if (r->headers_out.date == NULL) {