[CDN 技术] squid做反向代理时,要注意的安全设置.
转载本站文章请注明,转载自:扶凯[http://www.php-oa.com]
本文链接: http://www.php-oa.com/2008/01/15/squid-se.html
使用squid的网站
#curl -I www.php-oa.com
HTTP/1.0 200 OK
Date: Tue, 15 Jan 2008 03:45:29 GMT
Server: Apache
X-Pingback: http://www.php-oa.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from cnc.onezone.com
X-Cache-Lookup: MISS from cnc.onezone.com:80
Via: 1.0 cnc.onezone.com:80 (squid/2.6.STABLE6)
Connection: close
正常的没有使用squid的.
#curl -I www.php-oa.com
HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Jan 2008 03:49:30 GMT
Server: Apache
X-Pingback: http://www.php-oa.com/xmlrpc.php
Location: http://www.php-oa.com/
Connection: close
Content-Type: text/html; charset=UTF-8
发现不一样了没,人家查到你的server使用的是什么,然后还有你使用的是不是squid,还是真实的服务器.
在你的squid.conf中加入
header_access Via deny all
header_access Server deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
#不显示版本信息
httpd_suppress_version_string off
就可以把它关闭
要去掉其他的header,也可以照此操作,下面是列表.
| Accept | HTTP_ACCEPT |
| Accept-Charset | HTTP_ACCEPT-CHARSET |
| Accept-Encoding | HTTP_ACCEPT-ENCODING |
| Accept-Language | HTTP_ACCEPT-LANGUAGE |
| Accept-Ranges | HTTP_ACCEPT-RANGES |
| Age | HTTP_AGE |
| Allow | HTTP_ALLOW |
| Authorization | HTTP_AUTHORIZATION |
| Cache-Control | HTTP_CACHE-CONTROL |
| Connection | HTTP_CONNECTION |
| Content-Base | HTTP_CONTENT-BASE |
| Content-Disposition | HTTP_CONTENT-DISPOSITION |
| Content-Encoding | HTTP_CONTENT-ENCODING |
| Content-Language | HTTP_CONTENT-LANGUAGE |
| Content-Length | HTTP_CONTENT-LENGTH |
| Content-Location | HTTP_CONTENT-LOCATION |
| Content-MD5 | HTTP_CONTENT-MD5 |
| Content-Range | HTTP_CONTENT-RANGE |
| Content-Type | HTTP_CONTENT-TYPE |
| Cookie | HTTP_COOKIE |
| Date | HTTP_DATE |
| ETag | HTTP_ETAG |
| Expires | HTTP_EXPIRES |
| From | HTTP_FROM |
| Host | HTTP_HOST |
| If-Match | HTTP_IF-MATCH |
| If-Modified-Since | HTTP_IF-MODIFIED-SINCE |
| If-None-Match | HTTP_IF-NONE-MATCH |
| If-Range | HTTP_IF-RANGE |
| Last-Modified | HTTP_LAST-MODIFIED |
| Link | HTTP_LINK |
| Location | HTTP_LOCATION |
| Max-Forwards | HTTP_MAX-FORWARDS |
| Mime-Version | HTTP_MIME-VERSION |
| Pragma | HTTP_PRAGMA |
| Proxy-Authenticate | HTTP_PROXY-AUTHENTICATE |
| Proxy-Authentication-Info | HTTP_PROXY-AUTHENTICATION-INFO |
| Proxy-Authorization | HTTP_PROXY-AUTHORIZATION |
| Proxy-Connection | HTTP_PROXY-CONNECTION |
| Public | HTTP_PUBLIC |
| Range | HTTP_RANGE |
| Referer | HTTP_REFERER |
| Request-Range | HTTP_REQUEST-RANGE |
| Retry-After | HTTP_RETRY-AFTER |
| Server | HTTP_SERVER |
| Set-Cookie | HTTP_SET-COOKIE |
| Title | HTTP_TITLE |
| Transfer-Encoding | HTTP_TRANSFER-ENCODING |
| Upgrade | HTTP_UPGRADE |
| User-Agent | HTTP_USER-AGENT |
| Vary | HTTP_VARY |
| Via | HTTP_VIA |
| Warning | HTTP_WARNING |
| WWW-Authenticate | HTTP_WWW-AUTHENTICATE |
| Authentication-Info | HTTP_AUTHENTICATION-INFO |
| X-Cache | HTTP_X-CACHE |
| X-Cache-Lookup | HTTP_X-CACHE-LOOKUP |
| X-Forwarded-For | HTTP_X-FORWARDED-FOR |
| X-Request-URI | HTTP_X-REQUEST-URI |
| X-Squid-Error | HTTP_X-SQUID-ERROR |
| Negotiate | HTTP_NEGOTIATE |
| X-Accelerator-Vary | HTTP_X-ACCELERATOR-VARY |
| Other: | HTTP_OTHER: |
.text:''):(d.getSelection?d.getSelection():'');void(keyit=window.open('http://my.poco.cn/fav/storeIt.php?t='+escape(d.title)+'&u='+escape(d.location.href)+'&c='+escape(t)+'&img=http://www.h-strong.com/blog/logo.gif','keyit','scrollbars=no,width=475,height=575,status=no,resizable=yes'));keyit.focus(); "添加到 POCO 网摘"){kind=logo}
