[KLUG Members] Bogus header for Squid
Tony Gettig
tony at gettig.net
Wed Mar 30 15:41:20 EST 2005
On Wed, 2005-03-30 at 15:21 -0500, Bruce Smith wrote:
> You're running a squid server exposed to the Internet?
>
> - BS
>
Nope. Internal only. Sorry, I should have clarified that. :)
Squid ACLs are configured to only accept connections from localhost,
but the port responds as open when scanning from the inside. Client PCs
connect at a port other than 3128 for purposes of filtering. The path
out looks like this:
client PC --> filter port --> 3128(localhost) --> web
Is it possible and/or recommended to have an iptables rule to drop any
traffic on 3128 except from localhost? That way it wouldn't respond. Am
I right in thinking that?
>
> > Nessus reports that it is (correctly) finding something like squid at
> > port 3128 on the box I'm assessing. Specifically, it reports:
> >
> > ---------snip----------
> > The remote web server type is:
> >
> > squid/2.5STABLE5
> >
> > Solution: We recommend that you configure (if possible) your web server
> > to return a bogus Server header in order not to leak information.
> >
> > ---------snip----------
> >
> > I've googled for this and only gotten other people's nessus reports with
> > the same recommendation. Is there a way to make squid return such a
> > thing? Or is this an innocuous false positive of sorts? Any pointers in
> > the right direction are appreciated.
>
>
> _______________________________________________
> Members mailing list
> Members at kalamazoolinux.org
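As an added example (not part of the original thread, and not from the Squid project), here is the iptables approach Tony asks about for the topology he describes: accept TCP to Squid's own port only when it arrives on the loopback interface, drop everything else, and keep the separate filter port reachable from the client LAN. The filter port (8080) and client range (192.168.1.0/24) are assumptions for illustration; the script prints the commands unless DRY_RUN=0, since applying them needs root.

```shell
#!/bin/sh
# Added example: lock Squid's listener to loopback with iptables and leave only
# the filter port open to the internal clients. Port and network values are
# assumptions for illustration, not values from the original post.

SQUID_PORT=${SQUID_PORT:-3128}             # Squid's own listener, loopback only
FILTER_PORT=${FILTER_PORT:-8080}           # assumed: port the clients connect to
CLIENT_NET=${CLIENT_NET:-192.168.1.0/24}   # assumed: internal client range
DRY_RUN=${DRY_RUN:-1}                      # 1 = print commands, 0 = execute (root)

# Print or execute a command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rules for the Squid port: accept packets that arrive on the loopback
# interface, then drop the rest. Matching on "-i lo" rather than only on
# "-s 127.0.0.1" also stops a spoofed 127.0.0.1 source arriving on a real NIC.
squid_rules() {
    run iptables -A INPUT -i lo -p tcp --dport "$SQUID_PORT" -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$SQUID_PORT" -j DROP
}

# Rules for the filter port: only the client network may reach it.
filter_rules() {
    run iptables -A INPUT -p tcp -s "$CLIENT_NET" --dport "$FILTER_PORT" -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$FILTER_PORT" -j DROP
}

# Count how many rules a rule set produces (used to sanity-check the sets).
count_rules() {
    "$1" | wc -l | tr -d ' '
}

# Check from another host after the rules are live. With DROP in place a
# scanner sees the port as filtered rather than open; from the Squid box
# itself it will still look open, because loopback traffic is accepted.
# Usage: probe_port <host> <port>   -> prints "open" or "filtered"
probe_port() {
    if nc -z -w 3 "$1" "$2" 2>/dev/null; then
        echo open
    else
        echo filtered
    fi
}

squid_rules
filter_rules
```

Two caveats worth adding to the poster's plan. First, iptables hides the port but the daemon is still listening on every address; binding Squid to loopback in squid.conf (`http_port 127.0.0.1:3128`) removes the listener entirely, and the firewall rules then serve as defence in depth. Second, a version string in the Server header is a separate issue: later Squid releases have a directive to suppress it (`httpd_suppress_version_string on`), but I am not certain 2.5 supports it, so check the output of `squid -k parse` against your version's documentation before relying on it.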