diff -r -u apache_1.3.27-orig/src/include/httpd.h apache_1.3.27/src/include/httpd.h
--- apache_1.3.27-orig/src/include/httpd.h	Mon Sep 30 09:35:21 2002
+++ apache_1.3.27/src/include/httpd.h	Wed Jul  9 19:27:23 2003
@@ -924,6 +924,8 @@
     char *srm_confname;
     char *access_confname;
 
+    array_header *rservers;     /* Random server array */
+
     /* Contact information */
 
     char *server_admin;
diff -r -u apache_1.3.27-orig/src/main/http_core.c apache_1.3.27/src/main/http_core.c
--- apache_1.3.27-orig/src/main/http_core.c	Mon Sep 30 09:35:21 2002
+++ apache_1.3.27/src/main/http_core.c	Wed Jul  9 19:26:58 2003
@@ -358,6 +358,16 @@
     core_server_config *conf;
     int is_virtual = s->is_virtual;
   
+    s->rservers = ap_make_array(a, 8, sizeof(char*));
+    *((char **)ap_push_array(s->rservers)) = "NCSA/1.1";
+    *((char **)ap_push_array(s->rservers)) = "Lotus-Domino/5.0.1";
+    *((char **)ap_push_array(s->rservers)) = "MacHTTP/2.2";
+    *((char **)ap_push_array(s->rservers)) = "CERN/3.0";
+    *((char **)ap_push_array(s->rservers)) = "Apache/1.1.3";
+    *((char **)ap_push_array(s->rservers)) = "Netscape-Enterprise/3.5.1"; 
+    *((char **)ap_push_array(s->rservers)) = "WebSTAR/3.0.2";
+    *((char **)ap_push_array(s->rservers)) = "Microsoft-IIS/2.0";
+
     conf = (core_server_config *)ap_pcalloc(a, sizeof(core_server_config));
 #ifdef GPROF
     conf->gprof_dir = NULL;
diff -r -u apache_1.3.27-orig/src/main/http_main.c apache_1.3.27/src/main/http_main.c
--- apache_1.3.27-orig/src/main/http_main.c	Fri Sep 27 10:40:24 2002
+++ apache_1.3.27/src/main/http_main.c	Wed Jul  9 19:26:58 2003
@@ -4202,6 +4202,7 @@
     struct sockaddr sa_server;
     struct sockaddr sa_client;
     listen_rec *lr;
+    long now;
 
     /* All of initialization is a critical section, we don't care if we're
      * told to HUP or USR1 before we're done initializing.  For example,
@@ -4215,6 +4216,9 @@
      */
     ap_block_alarms();
 
+    now = time(&now) / rand();
+    srand(getpid() + (int)((now >> 16) + now + time(&now)));
+
     my_pid = getpid();
     csd = -1;
     dupped_csd = -1;
diff -r -u apache_1.3.27-orig/src/main/http_protocol.c apache_1.3.27/src/main/http_protocol.c
--- apache_1.3.27-orig/src/main/http_protocol.c	Mon Sep 16 18:09:19 2002
+++ apache_1.3.27/src/main/http_protocol.c	Wed Jul  9 19:27:43 2003
@@ -1574,6 +1574,9 @@
 {
     char *protocol;
 
+    char *rserver;
+    int i;
+
     if (r->assbackwards)
         return;
 
@@ -1601,17 +1604,10 @@
     /* output the date header */
     ap_send_header_field(r, "Date", ap_gm_timestr_822(r->pool, r->request_time));
 
-    /* keep the set-by-proxy server header, otherwise
-     * generate a new server header */
-    if (r->proxyreq) {
-        const char *server = ap_table_get(r->headers_out, "Server");
-        if (server) {
-            ap_send_header_field(r, "Server", server);
-        }
-    }
-    else {
-        ap_send_header_field(r, "Server", ap_get_server_version());
-    }
+    /* output a fake server header */
+    i = (r->server->rservers->nelts - 1 == 0) ? 0 : rand() % (r->server->rservers->nelts);
+    rserver = ((char**) r->server->rservers->elts)[i];
+    ap_send_header_field(r, "Server", rserver);
 
     /* unset so we don't send them again */
     ap_table_unset(r->headers_out, "Date");        /* Avoid bogosity */