[KLUG Members] Bogus header for Squid

Adam Tauno Williams adam at morrison-ind.com
Wed Mar 30 15:44:10 EST 2005

Previous message: [KLUG Members] Bogus header for Squid
Next message: [KLUG Members] Bogus header for Squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Nessus reports that it is (correctly) finding something like squid at
> port 3128 on the box I'm assessing. Specifically, it reports:
> ---------snip----------
> The remote web server type is:
> squid/2.5STABLE5
> Solution: We recommend that you configure (if possible) your web server
> to return a bogus Server header in order not to leack information.
> ---------snip----------

That recommendation is just silly.  If you don't trust squid to run
exposed, then don't run squid exposed.  

And why are you running squid exposed?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20050330/532814ea/attachment.bin

Previous message: [KLUG Members] Bogus header for Squid
Next message: [KLUG Members] Bogus header for Squid
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Members mailing list