The first step would be to firewall your proxy and allow\use it only for your real users. Other IP’s should not have access to telnet\netcat or contact your service port. Eliezer ---- Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of --Ahmad-- Sent: Sunday, November 20, 2016 13:22 To: Amos Jeffries <squid3@xxxxxxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: remove all squid pages & errors pages footprints HI amos thanks for that info . i already did as below : 1- i didn’t touch any squid files and compiled with the option u told me and added the tcp reset acl. that was fine when i open websites with error i was seeing” tcp reset “ and thats fine . but there is other stuff I’m worry about . if someone do telnet to squid … he can still squid headers check below : Ahmads-MacBook-Pro:~ ahmad$ telnet x.x.237.187 4000 Trying 212.71.237.187... Connected to li666-177.members.linode.com <http://li666-177.members.linode.com> . Escape character is '^]'. get / HTTP / HTTP/1.1 403 Forbidden Server: squid/3.5.22 Mime-Version: 1.0 Date: Sun, 20 Nov 2016 11:18:21 GMT Content-Type: text/html;charset=utf-8 Content-Length: 5 X-Squid-Error: TCP_RESET 0 Content-Language: en X-Cache: MISS from Googlechrome X-Cache-Lookup: NONE from Googlechrome:4000 Connection: close resetConnection closed by foreign host. Ahmads-MacBook-Pro:~ ahmad$ as you see there are squid footprints above …. how can i hide it ?? i want to remove ((Server: squid/3.5.22)) again i want to protect squid from being scanned and flagged as open proxy cheers On Nov 19, 2016, at 1:19 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx> > wrote: On 19/11/2016 11:40 p.m., --Ahmad-- wrote: hi squid users . im willing to have squid errors or any foot prints to be removed . as an example if was error access denied or dns name problem …. i don’t want any squid footprints to be shown . i would prefer to have blank page better where should i look @ before compilation ? Please don't. 1) *Replace* all the files in errors/templates with empty files of same name. 2) Build Squid with --disable-auto-locale. 3) add the following to squid.conf acl errors http_status 400-599 deny_info TCP_RESET errors http_reply_access deny errors Good luck dealing with the results (you are going to need it). Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> http://lists.squid-cache.org/listinfo/squid-users
<<attachment: winmail.dat>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
