- 论坛徽章:
- 0
|
HTTP_X_FORWARDED_FOR , HTTP_VIA , IP
在局域网通过透明代理访问外部的web服务器时,
在web服务器端,
通过header
HTTP_X_FORWARDED_FOR
可以知道代理服务器的服务器名以及端口,
通过
[color="#000000"]HTTP_VIA
可以知道客户的内部ip,这会带来一些安全问题,并且某些论坛会发现用的是代理访问,怎么让squid隐藏这些信息呢.
通过研究squid的源代码,发现在/etc/squid/squid.conf中添加2行:
[color="#330000"] header_access Via deny all
header_access X-Forwarded-For deny all
就可以把它关闭
要去掉其他的header,也可以照此操作:
AcceptHTTP_ACCEPTAccept-CharsetHTTP_ACCEPT-CHARSETAccept-EncodingHTTP_ACCEPT-ENCODINGAccept-LanguageHTTP_ACCEPT-LANGUAGEAccept-RangesHTTP_ACCEPT-RANGESAgeHTTP_AGEAllowHTTP_ALLOWAuthorizationHTTP_AUTHORIZATIONCache-ControlHTTP_CACHE-CONTROLConnectionHTTP_CONNECTIONContent-BaseHTTP_CONTENT-BASEContent-DispositionHTTP_CONTENT-DISPOSITIONContent-EncodingHTTP_CONTENT-ENCODINGContent-LanguageHTTP_CONTENT-LANGUAGEContent-LengthHTTP_CONTENT-LENGTHContent-LocationHTTP_CONTENT-LOCATIONContent-MD5HTTP_CONTENT-MD5Content-RangeHTTP_CONTENT-RANGEContent-TypeHTTP_CONTENT-TYPECookieHTTP_COOKIEDateHTTP_DATEETagHTTP_ETAGExpiresHTTP_EXPIRESFromHTTP_FROMHostHTTP_HOSTIf-MatchHTTP_IF-MATCHIf-Modified-SinceHTTP_IF-MODIFIED-SINCEIf-None-MatchHTTP_IF-NONE-MATCHIf-RangeHTTP_IF-RANGELast-ModifiedHTTP_LAST-MODIFIEDLinkHTTP_LINKLocationHTTP_LOCATIONMax-ForwardsHTTP_MAX-FORWARDSMime-VersionHTTP_MIME-VERSIONPragmaHTTP_PRAGMAProxy-AuthenticateHTTP_PROXY-AUTHENTICATEProxy-Authentication-InfoHTTP_PROXY-AUTHENTICATION-INFOProxy-AuthorizationHTTP_PROXY-AUTHORIZATIONProxy-ConnectionHTTP_PROXY-CONNECTIONPublicHTTP_PUBLICRangeHTTP_RANGERefererHTTP_REFERERRequest-RangeHTTP_REQUEST-RANGERetry-AfterHTTP_RETRY-AFTERServerHTTP_SERVERSet-CookieHTTP_SET-COOKIETitleHTTP_TITLETransfer-EncodingHTTP_TRANSFER-ENCODINGUpgradeHTTP_UPGRADEUser-AgentHTTP_USER-AGENTVaryHTTP_VARYVia
[color="#000000"]HTTP_VIA
WarningHTTP_WARNINGWWW-AuthenticateHTTP_WWW-AUTHENTICATEAuthentication-InfoHTTP_AUTHENTICATION-INFOX-CacheHTTP_X-CACHEX-Cache-LookupHTTP_X-CACHE-LOOKUPX-Forwarded-ForHTTP_X-FORWARDED-FORX-Request-URIHTTP_X-REQUEST-URIX-Squid-ErrorHTTP_X-
[color="#000000"]SQUID
-ERRORNegotiateHTTP_NEGOTIATEX-Accelerator-VaryHTTP_X-ACCELERATOR-VARYOther:HTTP_OTHER:
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/8054/showart_36173.html |
|