squid代理服务器泄露客户ip和服务器信息的解决

squid代理服务器泄露客户ip和服务器信息的解决

在局域网通过透明代理访问外部的web服务器时,

在web服务器端,

通过header HTTP_X_FORWARDED_FOR 可以知道代理服务器的服务器名以及端口,

通过HTTP_VIA可以知道客户的内部ip,这会带来一些安全问题,并且某些论坛会发现用的是代理访问,怎么让squid隐藏这些信息呢.

通过研究squid的源代码,发现在/etc/squid/squid.conf中添加2行:

header_access Via deny all

header_access X-Forwarded-For deny all

就可以把它关闭（king9413注：新版本命令为：via off forwarded_for of）

要去掉其他的header,也可以照此操作:

Accept HTTP_ACCEPT

Accept-Charset HTTP_ACCEPT-CHARSET

Accept-Encoding HTTP_ACCEPT-ENCODING

Accept-Language HTTP_ACCEPT-LANGUAGE

Accept-Ranges HTTP_ACCEPT-RANGES

Age HTTP_AGE

Allow HTTP_ALLOW

Authorization HTTP_AUTHORIZATION

Cache-Control HTTP_CACHE-CONTROL Connection HTTP_CONNECTION

Content-Base HTTP_CONTENT-BASE

Content-Disposition HTTP_CONTENT-DISPOSITION Content-Encoding HTTP_CONTENT-ENCODING Content-Language HTTP_CONTENT-LANGUAGE Content-Length HTTP_CONTENT-LENGTH Content-Location HTTP_CONTENT-LOCATION Content-MD5 HTTP_CONTENT-MD5

Content-Range HTTP_CONTENT-RANGE

Content-Type HTTP_CONTENT-TYPE

Cookie HTTP_COOKIE

Date HTTP_DATE

ETag HTTP_ETAG

Expires HTTP_EXPIRES

From HTTP_FROM

Host HTTP_HOST

If-Match HTTP_IF-MATCH

If-Modified-Since HTTP_IF-MODIFIED-SINCE

If-None-Match HTTP_IF-NONE-MATCH

If-Range HTTP_IF-RANGE

Last-Modified HTTP_LAST-MODIFIED

Link HTTP_LINK

Location HTTP_LOCATION

Max-Forwards HTTP_MAX-FORWARDS

Mime-Version HTTP_MIME-VERSION

Pragma HTTP_PRAGMA

Proxy-Authenticate HTTP_PROXY-AUTHENTICATE Proxy-Authentication-Info

HTTP_PROXY-AUTHENTICATION-INFO

Proxy-Authorization HTTP_PROXY-AUTHORIZATION Proxy-Connection HTTP_PROXY-CONNECTION Public HTTP_PUBLIC

Range HTTP_RANGE

Referer HTTP_REFERER

Request-Range HTTP_REQUEST-RANGE

Retry-After HTTP_RETRY-AFTER

Server HTTP_SERVER

Set-Cookie HTTP_SET-COOKIE

Title HTTP_TITLE

Transfer-Encoding HTTP_TRANSFER-ENCODING

Upgrade HTTP_UPGRADE

User-Agent HTTP_USER-AGENT

Vary HTTP_VARY

Via HTTP_VIA

Warning HTTP_WARNING

WWW-Authenticate HTTP_WWW-AUTHENTICATE Authentication-Info HTTP_AUTHENTICATION-INFO X-Cache HTTP_X-CACHE

X-Cache-Lookup HTTP_X-CACHE-LOOKUP

X-Forwarded-For HTTP_X-FORWARDED-FOR

X-Request-URI HTTP_X-REQUEST-URI

X-Squid-Error HTTP_X-SQUID-ERROR

Negotiate HTTP_NEGOTIATE

X-Accelerator-Vary HTTP_X-ACCELERATOR-V ARY Other: HTTP_OTHER: