Well, you have the Source, and IIRC another user answered in this thread
where in the source the signature is located.
-- Henrik Nordstrom Squid hacker Joe Erlewein wrote: > > Hello, > In the professional environment I intend to implement this cache solution, this is very unacceptable. > Linux has been a long-outlawed OS here, and with this recent opportunity to use something like it, > My objective it so make it as bulletproof as possible. In order to do this, I need to be sure that the system CANNOT be identified to outside (or inside) users/hacks. > > Thus, the proposed hiding of the cache name / version appears good, but anyone can click "view source" and have a field day. > > Is there a way to reassign the value reported by %s, or is there a way (possibly recompiling?) to disale the addition of %s if it is undefined? ie: stop the default signature from being added. > > I'd hate to leave an open invitiation to the possibility of compromise, and am actually considering scrapping squid altogether for something commercial based on this one fatal flaw. > > I'm hoping for a workaround, as personally I'd rather use Linux/Squid, but professionally I'm simply not willing to take the risk... > > Joseph R. Erlewein, N8OUZ > Intern, Networking > Munson Healthcare > > >>> Henrik Nordstrom <hno@hem.passagen.se> 2/14/2001 3:55:20 PM >>> > You cannot completely hide it, but you can put it inside a HTML comment > making it less obvious to the user.. > > Exampel custom signature: (add it to the end of each error page) > > <br clear="all"> > <hr noshade size=1> > Generated %T > <!-- %h (%s) --> > > Unless the error page includes "%s" (Squid name and version) the default > signature will be added. > > Note: If you prefer to have the datestamps using your local timezone, > then use %t instead of %T above. > > -- > Henrik Nordstrom > Squid hacker > > Kareem Mahgoub wrote: > > > > Hi all > > I would like to know if there is a way to hide the version and the name of > > squid, on all error messages. > > I have checked in the FAQ and I found how to change all the parameters but > > not the name and the version that appears in the last line of the error > > message. > > Any help would be appreciated. > > Regards, > > Kareem Mahgoub > > > > -- > > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Mon Mar 05 2001 - 15:55:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:32 MST