April 9, 2007 — (WEB HOST INDUSTRY REVIEW) — Open Source Parking (opensourceparking.com) founder Bruce Perens admitted last week to using edited server headers on his open source Web site to improve the showing of Netcraft’s (netcraft.com) Apache Web server listings. Web sites using the Open Source Parking service report that they are running on Apache, but are actually hosted on Lighttpd.
The Linux evangelist launched Open Source Parking last year to counter a 5 percent market share gain by Microsoft in the Netcraft April 2006 survey, when GoDaddy shifted 4.5 million parked domains from Linux to Windows Server 2003. Perrens says he started the project in hope of increasing the market share for open source software and generate advertising revenue on the parked domains to finance political efforts on behalf of the open source community.
Open Source Parking is by no means the only site to deliberately change server headers. Many other sites have done the same, and in some cases, have cited security concerns as their reasons for implementing the change. However, Netcraft is more concerned with the issue that Perens prefers Lighttpd as many open source supporters see Apache’s stats as the crucial metric in the market share battle with Microsoft servers.
HTTP header order is often characteristic of a Web server. The opensourceparking.com headers specify Apache, but show the date and server headers last, which is the exact pattern of the Lighttpd response and is not a normal Apache response. The etag is also not in Apache format, and instead, matches the lighttpd format.
“Yes, I did it,” Perens writes on the IT blog Technocrat.com. “For a year, I operated OpenSourceParking.org and all of its parked sites on Lighttpd, and spoofed the server-name header to Apache in order to give Apache the credit in the Netcraft report. At that time, Lighttpd would have been scored by Netcraft as ‘other,’ which wasn’t useful. The server-name header also contained the phrase ‘; Hello Netcraft!’ pointing out what I’d done. Lighttpd and Apache are both open source Web servers.”
Perens writes in the blog entry that Netcraft finally realized the edited server headers a year later when it implemented Web server detection that relied on fine details of the headers, including its order and contents, instead of the server-name string. After the change was made, Netcraft initiated coverage of Lighttpd in its statistics for the first time, at which point, Perens says he reverted the header to indicate the parked sites run Lighttpd.
