下载中心 | 网站地图 | 站内搜索 | 加入收藏

安恒公司 / 技术文章 / 安恒公司网管员手记 / 安恒网管员手记:squid代理服务器泄露客户ip和服务器信息的解决

2004-06-28 刘世伟  阅:    下页:
安恒网管员手记:squid代理服务器泄露客户ip和服务器信息的解决

在局域网通过透明代理访问外部的web服务器时,
在web服务器端,
通过header  HTTP_X_FORWARDED_FOR 可以知道代理服务器的服务器*以及端口,
通过HTTP_VIA可以知道客户的内部ip,这会带来*些安全问题,并且某些论坛会发现用的是代理访问,怎么让squid隐藏这些信息呢.
通过研究squid的源代码,发现在/etc/squid/squid.conf中添加2行:
       header_access Via deny all
       header_access X-Forwarded-For deny all
就可以把它关闭

要去掉其他的header,也可以照此操作:

 

Accept HTTP_ACCEPT
Accept-Charset HTTP_ACCEPT-CHARSET
Accept-Encoding HTTP_ACCEPT-ENCODING
Accept-Language HTTP_ACCEPT-LANGUAGE
Accept-Ranges HTTP_ACCEPT-RANGES
Age HTTP_AGE
Allow HTTP_ALLOW
Authorization HTTP_AUTHORIZATION
Cache-Control HTTP_CACHE-CONTROL
Connection HTTP_CONNECTION
Content-Base HTTP_CONTENT-BASE
Content-Disposition HTTP_CONTENT-DISPOSITION
Content-Encoding HTTP_CONTENT-ENCODING
Content-Language HTTP_CONTENT-LANGUAGE
Content-Length HTTP_CONTENT-LENGTH
Content-Location HTTP_CONTENT-LOCATION
Content-MD5 HTTP_CONTENT-MD5
Content-Range HTTP_CONTENT-RANGE
Content-Type HTTP_CONTENT-TYPE
Cookie HTTP_COOKIE
Date HTTP_DATE
ETag HTTP_ETAG
Expires HTTP_EXPIRES
From HTTP_FROM
Host HTTP_HOST
If-Match HTTP_IF-MATCH
If-Modified-Since HTTP_IF-MODIFIED-SINCE
If-None-Match HTTP_IF-NONE-MATCH
If-Range HTTP_IF-RANGE
Last-Modified HTTP_LAST-MODIFIED
Link HTTP_LINK
Location HTTP_LOCATION
Max-Forwards HTTP_MAX-FORWARDS
Mime-Version HTTP_MIME-VERSION
Pragma HTTP_PRAGMA
Proxy-Authenticate HTTP_PROXY-AUTHENTICATE
Proxy-Authentication-Info HTTP_PROXY-AUTHENTICATION-INFO
Proxy-Authorization HTTP_PROXY-AUTHORIZATION
Proxy-Connection HTTP_PROXY-CONNECTION
Public HTTP_PUBLIC
Range HTTP_RANGE
Referer HTTP_REFERER
Request-Range HTTP_REQUEST-RANGE
Retry-After HTTP_RETRY-AFTER
Server HTTP_SERVER
Set-Cookie HTTP_SET-COOKIE
Title HTTP_TITLE
Transfer-Encoding HTTP_TRANSFER-ENCODING
Upgrade HTTP_UPGRADE
User-Agent HTTP_USER-AGENT
Vary HTTP_VARY
Via HTTP_VIA
Warning HTTP_WARNING
WWW-Authenticate HTTP_WWW-AUTHENTICATE
Authentication-Info HTTP_AUTHENTICATION-INFO
X-Cache HTTP_X-CACHE
X-Cache-Lookup HTTP_X-CACHE-LOOKUP
X-Forwarded-For HTTP_X-FORWARDED-FOR
X-Request-URI HTTP_X-REQUEST-URI
X-Squid-Error HTTP_X-SQUID-ERROR
Negotiate HTTP_NEGOTIATE
X-Accelerator-Vary HTTP_X-ACCELERATOR-VARY
Other: HTTP_OTHER:
下页:   

相关文章
在win下安装debian的方式 - 13-06-30 - 阅读: 200036
debian作无盘启动 - 08-11-24 - 阅读: 180573
debian lenny openvpn 不能启动 version_2.1~rc9-3 - 08-07-26 - 阅读: 175447
debian下的netflow工具 - 07-12-21 - 阅读: 200316
debian下的无盘linux系统安装要点 - 07-12-09 - 阅读: 219004
debian 系统时间和cmos时间 - 07-04-14 - 阅读: 174328
debian下安装qmail+clamav+webmail - 07-04-03 - 阅读: 241257
debian远程安装kvm虚拟机 - 07-01-13 - 阅读: 262091
在debian下用eaccelerator加速php性能 --安恒网管员手记 - 06-06-28 - 阅读: 307726
qmail+debian --安恒网管员手记 - 06-01-15 - 阅读: 268046
debian Etch版 010908312D230C5F 错误 - 05-12-31 - 阅读: 196933
debian下应用raid5提高数据安全性--安恒网管员手记 - 05-05-02 - 阅读: 310983
在debian下部署lamp - 04-07-11 - 阅读: 224750
在debian版linux下用pptp 实现VPN - 04-07-09 - 阅读: 528550
安恒网管员手记: 网卡启动安装 DEBIAN - 04-06-14 - 阅读: 223782
安恒网管员手记: debian之webmin - 04-05-12 - 阅读: 199413

Email给朋友 打印本文
版权所有·安恒公司 Copyright © 2004   bluesweep.anheng.com.cn   All Rights Reserved    
北京市海淀区*体南路9号 主语国际商务中心4号楼8层 (邮编100048) 电话:010-88018877