Well have played with the the header_access as well as the
header_replace options. This is not what we are looking for. These
appear to be very heavy-handed methods of dealing with a very small
variable option. Perhaps they can be finessed to a smaller "hammer"
profile; however, that is beyond our immediate expertise and time
available to absorb new information.
Yes, we understand that someone could scan the server and find the
squid. That is not something a normal server would do, as it would not
have the available resources to enable such a policy. Our security
needs are not that critical.
What we need to do is reconfig such that it is not so easily seen that
this is a proxied squid connection. If that is not possible we would
just like to be able to configure the portion that says,
"squid/2.5.STABLE12"
We just need this one element of the profile killed or obscured. Here
is it again...
http://www.dnsstuff.com/tools/aboutyou.ch
generates...
Proxy Server: 1.1 host.XXXXXXXX.XXX:8065 (squid/2.5.STABLE12)
On 3/30/06, WebGal! <webgalisat@gmail.com> wrote:
> Just saw something the other day that needs to be addressed.
>
> It appears, which we did not know, it can be determined if we are
> running squid when connecting to a server through our remote
> installation of squid. We would like to have this "feature" disabled,
> for obvious reasons. Would appreciate any thoughts about how to make
> our use of squid completely obscured.
>
> To see an example of what we are talking about visit the URL below
> through your squid proxy server, heck perhaps any proxy server...
>
> http://www.dnsstuff.com/tools/aboutyou.ch
>
> generates...
>
> Proxy Server: 1.1 host.XXXXXXXX.XXX:8065 (squid/2.5.STABLE12)
>
> Thanks for your help
>
Received on Fri Mar 31 2006 - 08:48:52 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:05 MST