[KLUG Members] Bogus header for Squid
Tony Gettig
tony at gettig.net
Wed Mar 30 14:58:51 EST 2005
Nessus reports that it is (correctly) finding something like squid at
port 3128 on the box I'm assessing. Specifically, it reports:
---------snip----------
The remote web server type is:
squid/2.5STABLE5
Solution: We recommend that you configure (if possible) your web server
to return a bogus Server header in order not to leack information.
---------snip----------
I've googled for this and only gotten other people's nessus reports with
the same recommendation. Is there a way to make squid return such a
thing? Or is this an innocuous false positive of sorts? Any pointers in
the right direction are appreciated.
More information about the Members
mailing list