While hiding version information does not come with any _actual_ security improvements, it is generally a good thing to do so by default: Attackers will still be able to reasonably guess or enumerate the software version running, but need to conduct additional effort to do so, hence more likely raising alerts and drawing attention on their operation.

In addition, we suppress version details somewhere else in IPFire 2.x by default, too (e. g. Unbound and Apache), so we can justify this patch by aiming to stay consistent, I guess. :-)

Signed-off-by: Peter Müller peter.mueller@ipfire.org --- html/cgi-bin/proxy.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 78ad33ad2..1b949d5b6 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -188,7 +188,7 @@ $proxysettings{'ADMIN_MAIL_ADDRESS'} = ''; $proxysettings{'ADMIN_PASSWORD'} = ''; $proxysettings{'ERR_LANGUAGE'} = 'en'; $proxysettings{'ERR_DESIGN'} = 'ipfire'; -$proxysettings{'SUPPRESS_VERSION'} = 'off'; +$proxysettings{'SUPPRESS_VERSION'} = 'on'; $proxysettings{'FORWARD_VIA'} = 'off'; $proxysettings{'FORWARD_IPADDRESS'} = 'off'; $proxysettings{'FORWARD_USERNAME'} = 'off';