From e981b751d180982563fb8a76e63bddadb69a5bd8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Fri, 18 Jun 2021 09:07:21 +0200 Subject: [PATCH] proxy.cgi: Suppress Squid version by default MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit While hiding version information does not come with any _actual_ security improvements, it is generally a good thing to do so by default: Attackers will still be able to reasonably guess or enumerate the software version running, but need to conduct additional effort to do so, hence more likely raising alerts and drawing attention on their operation. In addition, we suppress version details somewhere else in IPFire 2.x by default, too (e. g. Unbound and Apache), so we can justify this patch by aiming to stay consistent, I guess. :-) Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- html/cgi-bin/proxy.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 78ad33ad24..1b949d5b68 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -188,7 +188,7 @@ $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; $proxysettings{'ERR_LANGUAGE'} = 'en'; $proxysettings{'ERR_DESIGN'} = 'ipfire'; -$proxysettings{'SUPPRESS_VERSION'} = 'off'; +$proxysettings{'SUPPRESS_VERSION'} = 'on'; $proxysettings{'FORWARD_VIA'} = 'off'; $proxysettings{'FORWARD_IPADDRESS'} = 'off'; $proxysettings{'FORWARD_USERNAME'} = 'off'; -- 2.39.5