[KLUG Members] Bogus header for Squid

Bruce Smith bruce at armintl.com
Wed Mar 30 15:21:45 EST 2005

Previous message: [KLUG Members] Bogus header for Squid
Next message: [KLUG Members] Bogus header for Squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You're running a squid server exposed to the Internet?

 - BS


> Nessus reports that it is (correctly) finding something like squid at
> port 3128 on the box I'm assessing. Specifically, it reports:
> 
> ---------snip----------
> The remote web server type is:
> 
> squid/2.5STABLE5
> 
> Solution: We recommend that you configure (if possible) your web server
> to return a bogus Server header in order not to leack information.
> 
> ---------snip----------
> 
> I've googled for this and only gotten other people's nessus reports with
> the same recommendation. Is there a way to make squid return such a
> thing? Or is this an innocuous false positive of sorts? Any pointers in
> the right direction are appreciated.

Previous message: [KLUG Members] Bogus header for Squid
Next message: [KLUG Members] Bogus header for Squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Members mailing list