proxy.cgi: Suppress Squid version by default

While hiding version information does not come with any _actual_
security improvements, it is generally a good thing to do so by default:
Attackers will still be able to reasonably guess or enumerate the
software version running, but need to conduct additional effort to do
so, hence more likely raising alerts and drawing attention on their
operation.

In addition, we suppress version details somewhere else in IPFire 2.x by
default, too (e. g. Unbound and Apache), so we can justify this patch by
aiming to stay consistent, I guess. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 78ad33ad249079ebeb7c38c2fd83f774930b2b61..1b949d5b6853d1521897bc0b34924502bcf3956d 100644 (file)
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -188,7 +188,7 @@ $proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
 $proxysettings{'ADMIN_PASSWORD'} = '';
 $proxysettings{'ERR_LANGUAGE'} = 'en';
 $proxysettings{'ERR_DESIGN'} = 'ipfire';
-$proxysettings{'SUPPRESS_VERSION'} = 'off';
+$proxysettings{'SUPPRESS_VERSION'} = 'on';
 $proxysettings{'FORWARD_VIA'} = 'off';
 $proxysettings{'FORWARD_IPADDRESS'} = 'off';
 $proxysettings{'FORWARD_USERNAME'} = 'off';