[KLUG Members] Bogus header for Squid
Bruce Smith
bruce at armintl.com
Wed Mar 30 15:21:45 EST 2005
You're running a squid server exposed to the Internet?
- BS
> Nessus reports that it is (correctly) finding something like squid at
> port 3128 on the box I'm assessing. Specifically, it reports:
>
> ---------snip----------
> The remote web server type is:
>
> squid/2.5STABLE5
>
> Solution: We recommend that you configure (if possible) your web server
> to return a bogus Server header in order not to leack information.
>
> ---------snip----------
>
> I've googled for this and only gotten other people's nessus reports with
> the same recommendation. Is there a way to make squid return such a
> thing? Or is this an innocuous false positive of sorts? Any pointers in
> the right direction are appreciated.
More information about the Members
mailing list