Nice post, another little bit for peeps.

A friend sent me this the other day when I was configuring squid for a reverse proxy:

Before mod:

Server: Apache
Last-Modified: Mon, 19 Oct 2009 01:58:33 GMT
ETag: "8943ca-15eb-153ac440"
Accept-Ranges: bytes
Content-Length: 5611
Content-Type: text/html; charset=utf-8
Age: 132844
Warning: 113 <removed> (squid) This cache hit is still fresh and more than 1 day old
X-Cache: HIT from <removed>
Via: 1.0 <removed> (squid)
Connection: close


After mod:

Date: Mon, 19 Oct 2009 11:30:20 GMT
Last-Modified: Mon, 19 Oct 2009 01:58:33 GMT
ETag: "8943ca-15eb-153ac440"
Accept-Ranges: bytes
Content-Length: 5611
Content-Type: text/html; charset=utf-8
Age: 140440
Connection: close


How:

Add this to the reverse proxy conf:

reply_header_access Server deny all
reply_header_access Via deny all
reply_header_access Warning deny all
reply_header_access X-Cache deny all
reply_header_access X-Squid-Error deny all


This only applies to requests going out of squid - including squid's own added headers.
Now, by generating an access denied, it is possible to know that squid is in the middle, but not just by using passive recognition.
It might be possible to modify the server string to a specified string - I'll check that later.



Might help someone.
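
Added example, not part of the original comment: a small check an operator can run against their own proxy's response headers to confirm the five reply_header_access rules took effect. The function names are hypothetical, and the two sample blocks are the Before/After headers quoted above.

```python
# Audit a raw response header block for the headers that the
# reply_header_access rules in the comment are meant to strip.
DENIED = ("Server", "Via", "Warning", "X-Cache", "X-Squid-Error")

def parse_headers(raw):
    """Parse 'Name: value' lines into a list of (name, value) pairs."""
    pairs = []
    for line in raw.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank lines and anything that is not a header
        name, value = line.split(":", 1)  # split on the first colon only
        pairs.append((name.strip(), value.strip()))
    return pairs

def leaked_headers(raw, denied=DENIED):
    """Return the denied header names still present (case-insensitive)."""
    present = {name.lower() for name, _ in parse_headers(raw)}
    return [h for h in denied if h.lower() in present]

def mentions_squid(raw):
    """Return names of headers whose value still contains 'squid'."""
    return [n for n, v in parse_headers(raw) if "squid" in v.lower()]

# Sample input: the header blocks from the comment, placeholders kept.
BEFORE = """Server: Apache
Last-Modified: Mon, 19 Oct 2009 01:58:33 GMT
ETag: "8943ca-15eb-153ac440"
Age: 132844
Warning: 113 <removed> (squid) This cache hit is still fresh and more than 1 day old
X-Cache: HIT from <removed>
Via: 1.0 <removed> (squid)
Connection: close"""

AFTER = """Date: Mon, 19 Oct 2009 11:30:20 GMT
Last-Modified: Mon, 19 Oct 2009 01:58:33 GMT
ETag: "8943ca-15eb-153ac440"
Age: 140440
Connection: close"""

if __name__ == "__main__":
    for label, block in (("before", BEFORE), ("after", AFTER)):
        print(label, "leaked:", leaked_headers(block),
              "squid in value:", mentions_squid(block))
```

The After block still carries an Age header, which the five rules do not cover.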