Jump to content

disengaging VIA & X-FORWARDED-FOR HEADERS


Recommended Posts

Hi all,

Continuing my testings, like it more and more 😃
I actually found out that the integrated squid proxy would send out the VIA & X-FORWARDED-FOR HEADERS if not specifically disabled.
Here is what I've done in order to disengage these settings (caution: this might not be supported at all):
 

---> Edit the squid.conf.template file + addons = last tree lines of the snipet below:

[root@kwts ~]# vim  /opt/kaspersky/kwts-appliance-addon/share/templates/squid.conf.template
{#-* This is a template for generating a configuration file *-#}
################################################################################
# This file was generated automatically.                                       #
# All changes to this file will be lost.                                       #
################################################################################

cache deny all
cache_mem 0
shared_memory_locking on
shutdown_lifetime 5 seconds
stats_collection deny all
error_log_languages off
via off
forwarded_for off
follow_x_forwarded_for deny all

---> Use the Web Admin interface and change any setting of the built-in proxy server. 
---> This will cause the settings update. For example, you can change the Access log parameters and save the changes.

You can test before and after here:
https://www.whatismybrowser.com/detect/what-http-headers-is-my-browser-sending

Cheers,
m.

Link to comment
Share on other sites

After some testing, I've actually replaced this line from the above snippet (which does not remove the header, it rather inserts "unknown" in place of the client IP):

forwarded_for off

with this line:

request_header_access X-Forwarded-For deny all

Which indeed remove's the header.

Cheers,
m.
 

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...