The following Patch adds "ServerTokens" to the httpd.conf and changes
the default behavior to "ProductOnly".

This may help save some time and reduce the scans of
Web-Security-Scanners wich try to scan an Apache 1.3.29 even OpenBSD
has a modfied version.

Another (maybe usefull) patch can be found here:
http://www.comsys.com.ua/files/apache-patch
It allows to disable the Server-header completly (wich can be usefull
and disables TRACE too but this function was already merged to current).

*** httpd.conf.orig Mon Jan 23 03:54:30 2006
--- httpd.conf Mon Jan 23 03:58:30 2006
***************
*** 565,570 ****
--- 565,593 ----
ServerSignature On

#
+ # This directive controls whether Server response header field which
is
+ # sent back to clients includes a description of the generic OS-type
of
+ # the server as well as information about compiled-in modules.
+ #
+ # ServerTokens Prod[uctOnly]
+ # Server sends (e.g.): Server: Apache
+ #
+ # ServerTokens Min[imal]
+ # Server sends (e.g.): Server: Apache/1.3.0
+ #
+ # ServerTokens OS
+ # Server sends (e.g.): Server: Apache/1.3.0 (Unix)
+ #
+ # ServerTokens Full (or not specified)
+ # Server sends (e.g.): Server: Apache/1.3.0 (Unix) PHP/3.0
+ # MyMod/1.2
+ #
+ # This setting applies to the entire server, and cannot be enabled or
+ # disabled on a virtualhost-by-virtualhost basis.
+
+ ServerTokens ProductOnly
+
+ #
# Aliases: Add here as many aliases as you need (with no limit). The
format is # Alias fakename realname
#