patch to suppress version string in HTTP headers and HTML error pages in 2.5.4 from Nathan R. Valentine on 2004-02-01 (squid-dev)

From: Nathan R. Valentine <nathan@dont-contact.us>
Date: Sun, 01 Feb 2004 15:35:02 -0500

Attached is a patch against 2.5.4 to suppress version information in
HTTP SERVER headers and the HTML error pages. My intent was to hide
server and version info from automated port and vulnerability scanners.
An attacker doing targetted server fingerprinting will likely notice
that the X-Squid* headers are still in place but will have to fall back
to some other method to determine the Squid version.

To suppress version info, place the following in /etc/squid.conf:

httpd_suppress_version_string on

I have tested the patch briefly on my home HTTP reverse cache. I have
not tested it with any protocol other than HTTP.

-- 
Nathan R. Valentine <nathan@nathanvalentine.org>

text/x-patch attachment: suppress-server-header.patch__charset_ANSI_X3.4-1968

application/pgp-signature attachment: This is a digitally signed message part

Received on Sun Feb 01 2004 - 15:13:30 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:04 MST