Search squid archive

Re: hide squid name for clients

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/04/19 1:40 am, leomessi983 wrote:
> Hi
> When i use curl -I http://foo.com squid will send his name and version
> to clients that i don't want to!!
> 
> 
> root@debian:~# curl  -I http://youtube.com
> HTTP/1.1 403 Forbidden
> Server: squid/4.6
> Mime-Version: 1.0
> Date: Tue, 09 Apr 2019 13:34:36 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 404
> X-Squid-Error: ERR_ACCESS_DENIED 0
> Vary: Accept-Language
> Content-Language: en
> X-Cache: MISS from LINUX-SRV
> Via: 1.1  LINUX-SRV (squid/4.6)
> Connection: keep-alive
> 
> 
> How can i config squid to doesn't show this information to clients?!
> 


Why? Many of these details are needed to have good Internet
communication between the proxy and other HTTP agents receiving this
message.


For example; The above response is a statement of security policy *by
the proxy*. If the client is not made aware that it is a proxy response
there can be unwanted side effects in the security handling of whatever
domain the client was trying to fetch when the proxy created that
response. eg CORS restrictions on other content of the site which the
proxy would have allowed, failover to unexpected protocols, broken
origin XSS protections, etc.


You can configure
<http://www.squid-cache.org/Doc/config/httpd_suppress_version_string/>
if you want to hide the exact Squid version.

Other headers can be manipulated with
<http://www.squid-cache.org/Doc/config/reply_header_access/> and
<http://www.squid-cache.org/Doc/config/reply_header_replace/>, or
<http://www.squid-cache.org/Doc/config/reply_header_add/>. But please be
very careful if you do that, as mentioned above there can be surprising
side effects.


PS. Do not be embarrassed to be using a proxy. Most traffic on the
Internet these days goes through up to 6 proxies before it reaches the
client.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux