Sun Java System Web Proxy Server 4.0.2 2005Q4 Administration Guide

Suppressing Outgoing Headers

You can configure the proxy server to remove outgoing headers from the request, usually for security reasons. For example, you might want to prevent the From header from going out because it reveals the user’s email address, or you might want to filter out the User-Agent header so external servers cannot determine what web browsers your organization uses. You may also want to remove logging or client-related headers that are to be used only in your intranet before a request is forwarded to the Internet.

This feature does not affect headers that are specially handled or generated by the proxy itself or that are necessary to make the protocol work properly (such as If-Modified-Since and Forwarded).

Although it is not possible to stop the Forwarded header from originating from a proxy, this is not a security problem. The remote server can detect the connecting proxy host from the connection. In a proxy chain, a Forwarded header coming from an inner proxy can be suppressed by an outer proxy. Setting your servers up this way is recommended when you do not want to have the inner proxy or client host name revealed to the remote server.

Procedure: To suppress outgoing headers

Steps
  1. Access the Server Manager, and click the Filters tab.

  2. Click the Suppress Outgoing Headers link. The Suppress Outgoing Headers page displays.

  3. Enter a comma-separated list of request headers to be suppressed in the Suppress Headers text box. For example, to suppress the From and User-Agent headers, type from,user-agent. The headers you type are not case-sensitive. For more information on regular expressions, see “Understanding Regular Expressions” in Chapter 16, Managing Templates and Resources.

  4. Click Restart Required. The Apply Changes page displays.

  5. Click the Restart Proxy Server button to apply the changes.
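
After the restart, one way to confirm the setting took effect is to send a request through the proxy to a test server you control and compare the headers that arrive with the list you entered. The script below is an added example, not part of this guide or the product; its function names are hypothetical, the sample request is constructed, and it assumes the list contains literal header names only (no regular expressions).

```python
"""Audit a request captured at an upstream test server against the suppress list."""

# The guide names these as handled or generated by the proxy itself, so seeing
# them upstream is not counted as a suppression failure.
PROXY_MANAGED = {"if-modified-since", "forwarded"}

def parse_suppress_list(text):
    """Parse the comma-separated, case-insensitive list typed into Suppress Headers."""
    return {name.strip().lower() for name in text.split(",") if name.strip()}

def parse_request_headers(raw):
    """Return [(name, value)] from a raw HTTP/1.x request head, joining folded lines."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:            # skip the request line
        if line[:1] in (" ", "\t") and headers:  # continuation of the previous header
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def audit(raw_request, suppress_text):
    """Return (leaked, proxy_managed): listed headers that still arrived upstream,
    and listed names that the proxy handles itself regardless of the list."""
    wanted = parse_suppress_list(suppress_text)
    seen = {name.lower() for name, _ in parse_request_headers(raw_request)}
    leaked = sorted((wanted - PROXY_MANAGED) & seen)
    proxy_managed = sorted(wanted & PROXY_MANAGED)
    return leaked, proxy_managed

# Constructed sample: what an upstream test server might log for one forwarded request.
SAMPLE = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Forwarded: by http://inner-proxy.example.com:8080\r\n"
    "Accept: */*\r\n"
    "\r\n"
)

if __name__ == "__main__":
    leaked, managed = audit(SAMPLE, "from, User-Agent, forwarded")
    print("still reaching the remote server:", leaked)
    print("listed but handled by the proxy itself:", managed)
```

An empty first list means none of the headers you asked to suppress reached the test server; any name it does contain should be rechecked in the Suppress Headers box.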