zoukankan      html  css  js  c++  java

  • squid代理服务器泄露客户ip和服务器信息的解决

    在局域网通过透明代理访问外部的web服务器时,
    在web服务器端,
    通过header  HTTP_X_FORWARDED_FOR 可以知道代理服务器的服务器名以及端口,
    通过HTTP_VIA可以知道客户的内部ip,这会带来一些安全问题,并且某些论坛会发现用的是代理访问,怎么让squid隐藏这些信息呢.
    通过研究squid的源代码,发现在/etc/squid/squid.conf中添加2行:
    header_access Via deny all
    header_access X-Forwarded-For deny all
    就可以把它关闭

    要去掉其他的header,也可以照此操作:

    Accept HTTP_ACCEPT
    Accept-Charset HTTP_ACCEPT-CHARSET
    Accept-Encoding HTTP_ACCEPT-ENCODING
    Accept-Language HTTP_ACCEPT-LANGUAGE
    Accept-Ranges HTTP_ACCEPT-RANGES
    Age HTTP_AGE
    Allow HTTP_ALLOW
    Authorization HTTP_AUTHORIZATION
    Cache-Control HTTP_CACHE-CONTROL
    Connection HTTP_CONNECTION
    Content-Base HTTP_CONTENT-BASE
    Content-Disposition HTTP_CONTENT-DISPOSITION
    Content-Encoding HTTP_CONTENT-ENCODING
    Content-Language HTTP_CONTENT-LANGUAGE
    Content-Length HTTP_CONTENT-LENGTH
    Content-Location HTTP_CONTENT-LOCATION
    Content-MD5 HTTP_CONTENT-MD5
    Content-Range HTTP_CONTENT-RANGE
    Content-Type HTTP_CONTENT-TYPE
    Cookie HTTP_COOKIE
    Date HTTP_DATE
    ETag HTTP_ETAG
    Expires HTTP_EXPIRES
    From HTTP_FROM
    Host HTTP_HOST
    If-Match HTTP_IF-MATCH
    If-Modified-Since HTTP_IF-MODIFIED-SINCE
    If-None-Match HTTP_IF-NONE-MATCH
    If-Range HTTP_IF-RANGE
    Last-Modified HTTP_LAST-MODIFIED
    Link HTTP_LINK
    Location HTTP_LOCATION
    Max-Forwards HTTP_MAX-FORWARDS
    Mime-Version HTTP_MIME-VERSION
    Pragma HTTP_PRAGMA
    Proxy-Authenticate HTTP_PROXY-AUTHENTICATE
    Proxy-Authentication-Info HTTP_PROXY-AUTHENTICATION-INFO
    Proxy-Authorization HTTP_PROXY-AUTHORIZATION
    Proxy-Connection HTTP_PROXY-CONNECTION
    Public HTTP_PUBLIC
    Range HTTP_RANGE
    Referer HTTP_REFERER
    Request-Range HTTP_REQUEST-RANGE
    Retry-After HTTP_RETRY-AFTER
    Server HTTP_SERVER
    Set-Cookie HTTP_SET-COOKIE
    Title HTTP_TITLE
    Transfer-Encoding HTTP_TRANSFER-ENCODING
    Upgrade HTTP_UPGRADE
    User-Agent HTTP_USER-AGENT
    Vary HTTP_VARY
    Via HTTP_VIA
    Warning HTTP_WARNING
    WWW-Authenticate HTTP_WWW-AUTHENTICATE
    Authentication-Info HTTP_AUTHENTICATION-INFO
    X-Cache HTTP_X-CACHE
    X-Cache-Lookup HTTP_X-CACHE-LOOKUP
    X-Forwarded-For HTTP_X-FORWARDED-FOR
    X-Request-URI HTTP_X-REQUEST-URI
    X-Squid-Error HTTP_X-SQUID-ERROR
    Negotiate HTTP_NEGOTIATE
    X-Accelerator-Vary HTTP_X-ACCELERATOR-VARY
    Other: HTTP_OTHER:

  • 相关阅读:
    多个EditText 监听矛盾的 解决办法 (Overstack)溢出栈
    JZ2440 裸机驱动 第5章 GPIO接口
    从头调试stm32 HID
    嵌入式GPIO接口及操作(二)
    嵌入式GPIO接口及操作(一)
    嵌入式linux网络配置
    嵌入式开发环境搭建之安装交叉编译工具链
    securecrt鼠标右键的配置
    S3C2440上LCD驱动(FrameBuffer)实例开发讲解(一)
    s3c2440串口详解
  • 原文地址:https://www.cnblogs.com/youlechang123/p/2727574.html
Copyright © 2011-2022 走看看