disengaging VIA & X-FORWARDED-FOR HEADERS

[mokaz]

Hi all,

Continuing my testings, like it more and more ?
I actually found out that the integrated squid proxy would send out the VIA & X-FORWARDED-FOR HEADERS if not specifically disabled.
Here is what I've done in order to disengage these settings (caution: this might not be supported at all):
 

---> Edit the squid.conf.template file + addons = last tree lines of the snipet below:

[root@kwts ~]# vim  /opt/kaspersky/kwts-appliance-addon/share/templates/squid.conf.template
{#-* This is a template for generating a configuration file *-#}
################################################################################
# This file was generated automatically.                                       #
# All changes to this file will be lost.                                       #
################################################################################

cache deny all
cache_mem 0
shared_memory_locking on
shutdown_lifetime 5 seconds
stats_collection deny all
error_log_languages off
via off
forwarded_for off
follow_x_forwarded_for deny all

---> Use the Web Admin interface and change any setting of the built-in proxy server. 
---> This will cause the settings update. For example, you can change the Access log parameters and save the changes.

You can test before and after here:
https://www.whatismybrowser.com/detect/what-http-headers-is-my-browser-sending

Cheers,
m.

[mokaz]

After some testing, I've actually replaced this line from the above snippet (which does not remove the header, it rather inserts "unknown" in place of the client IP):

forwarded_for off

with this line:

request_header_access X-Forwarded-For deny all

Which indeed remove's the header.

Cheers,
m.