On Mon, 2004-02-02 at 07:35, Nathan R. Valentine wrote:
> Attached is a patch against 2.5.4 to suppress version information in
> HTTP SERVER headers and the HTML error pages. My intent was to hide
> server and version info from automated port and vulnerability scanners.
> An attacker doing targeted server fingerprinting will likely notice
> that the X-Squid* headers are still in place but will have to fall back
> to some other method to determine the Squid version.
>
> To suppress version info, place the following in /etc/squid.conf:
>
> httpd_suppress_version_string on
>
> I have tested the patch briefly on my home HTTP reverse cache. I have
> not tested it with any protocol other than HTTP.
Please open a bug and attach the patch there. Currently no core
developer has reviewed it. I don't have time right now to do so, and
having an open feature request will let us not forget about the patch.
Rob
-- GPG key available at: <http://www.robertcollins.net/keys.txt>.