I have written a blog: header_access to hide the header information. In order to hide the header information, it is a positive environment test to access webpages that do not allow proxy access, today, I read a blog written by Fukai and found that the security of the reverse proxy can be enhanced. I will record it first ~
Websites using squid
# Curl-I www.php-oa.com
HTTP/1.0 200 OK
Date: Tue, 15 Jan 2008 03:45:29 GMT
Server: Apache
X-pingback: http://www.php-oa.com/xmlrpc.php
Content-Type: text/html; charset = UTF-8
X-Cache: Miss from cnc.onezone.com
X-Cache-lookup: Miss from cnc.onezone.com: 80
Via: 1.0 cnc.onezone.com: 80 (squid/2.6.stable6)
Connection: Close
Normally, squid is not used.
# Curl-I www.php-oa.com
HTTP/1.1 301 moved permanently
Date: Tue, 15 Jan 2008 03:49:30 GMT
Server: Apache
X-pingback: http://www.php-oa.com/xmlrpc.php
Location: http://www.php-oa.com/
Connection: Close
Content-Type: text/html; charset = UTF-8
If they find that they are different, they will find out what your server is using, and whether you are using squid or a real server.
Add it to your squid. conf file
Header_access via deny all
Header_access server deny all
Header_access X-Cache deny all
Header_access X-Cache-lookup deny all
# Do not display version information
Httpd_suppress_version_string off
You can disable it.
The method for limiting other headers is recorded in -- header_access to hide header information.