From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH] proxy.cgi: Suppress Squid version by default Date: Fri, 18 Jun 2021 09:07:21 +0200 Message-ID: <009b2fc7-361a-dacb-ff33-75144d9b2a52@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6491055757686211562==" List-Id: --===============6491055757686211562== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit While hiding version information does not come with any _actual_ security improvements, it is generally a good thing to do so by default: Attackers will still be able to reasonably guess or enumerate the software version running, but need to conduct additional effort to do so, hence more likely raising alerts and drawing attention on their operation. In addition, we suppress version details somewhere else in IPFire 2.x by default, too (e. g. Unbound and Apache), so we can justify this patch by aiming to stay consistent, I guess. :-) Signed-off-by: Peter Müller --- html/cgi-bin/proxy.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 78ad33ad2..1b949d5b6 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -188,7 +188,7 @@ $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; $proxysettings{'ERR_LANGUAGE'} = 'en'; $proxysettings{'ERR_DESIGN'} = 'ipfire'; -$proxysettings{'SUPPRESS_VERSION'} = 'off'; +$proxysettings{'SUPPRESS_VERSION'} = 'on'; $proxysettings{'FORWARD_VIA'} = 'off'; $proxysettings{'FORWARD_IPADDRESS'} = 'off'; $proxysettings{'FORWARD_USERNAME'} = 'off'; -- 2.26.2 --===============6491055757686211562==--
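Review bot: The changed line `$proxysettings{'SUPPRESS_VERSION'} = 'on';` sits among the initial default assignments, and the commit message does not say whether the new default reaches existing installations. If saved proxy settings are loaded after these assignments and already hold a stored value of 'off', upgraded systems will keep disclosing the Squid version and only fresh configurations will get the change. Please either state in the commit message that this affects new configurations only, or add an update step that flips the stored value, so that the "by default" in the subject matches what users see after upgrading.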