[KLUG Members] Bogus header for Squid

Tony Gettig tony at gettig.net
Wed Mar 30 15:41:20 EST 2005


On Wed, 2005-03-30 at 15:21 -0500, Bruce Smith wrote:
> You're running a squid server exposed to the Internet?
> 
>  - BS
> 

Nope. Internal only. Sorry, I should have clarified that. :)

Squid ACLs are configured to only accept connections from localhost,
but the port responds as open when scanning from the inside. Client PCs
connect at a port other than 3128 for purposes of filtering. The path
out looks like this:

client PC --> filter port --> 3128(localhost) --> web

Is it possible and/or recommended to have an iptables rule to drop any
traffic on 3128 except from localhost? That way it wouldn't respond. Am
I right in thinking that?


> 
> > Nessus reports that it is (correctly) finding something like squid at
> > port 3128 on the box I'm assessing. Specifically, it reports:
> > 
> > ---------snip----------
> > The remote web server type is:
> > 
> > squid/2.5STABLE5
> > 
> > Solution: We recommend that you configure (if possible) your web server
> > to return a bogus Server header in order not to leack information.
> > 
> > ---------snip----------
> > 
> > I've googled for this and only gotten other people's nessus reports with
> > the same recommendation. Is there a way to make squid return such a
> > thing? Or is this an innocuous false positive of sorts? Any pointers in
> > the right direction are appreciated. 
> 
> 
> _______________________________________________
> Members mailing list
> Members at kalamazoolinux.org
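One way to do what the question above asks (make TCP/3128 answer only to localhost) is the pair of iptables rules below. This is an added example, not something posted on the list or shipped by Squid; it assumes the filter port is what clients connect to and that the filter hands requests to 127.0.0.1:3128 over loopback, so only the `lo` interface needs to reach Squid directly. The function prints the rules so they can be reviewed before being piped to a shell as root.

```shell
#!/bin/sh
# Added example: restrict Squid's listening port to loopback with iptables.
# Assumption: clients never talk to 3128 directly; the filtering proxy on
# the same host forwards to 127.0.0.1:3128, so everything else can be dropped.
SQUID_PORT=3128

# Print the two rules for the given port (default 3128). The loopback ACCEPT
# must come before the DROP, and both must sit ahead of any broad
# "-j ACCEPT" rule already in INPUT, otherwise the DROP is never reached.
squid_localhost_rules() {
    port="${1:-$SQUID_PORT}"
    printf 'iptables -A INPUT -i lo -p tcp --dport %s -j ACCEPT\n' "$port"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Apply the rules (needs root). DROP rather than REJECT is used on purpose:
# a dropped SYN gets no answer at all, so an internal port scan shows the
# port as filtered instead of open.
apply_squid_localhost_rules() {
    squid_localhost_rules "$1" | sh
}

# Usage (as root):
#   apply_squid_localhost_rules
#   iptables -L INPUT -n --line-numbers   # confirm ACCEPT(lo) precedes DROP
```

Independently of the firewall rule, Squid itself can be told not to listen on non-loopback addresses at all with `http_port 127.0.0.1:3128` in squid.conf; doing both means a later iptables flush does not silently re-expose the port.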