From 4c9141aac6b60eab1a0113d45ac059a78097b0f7 Mon Sep 17 00:00:00 2001
From: Robert James Kaes <rjkaes@users.sourceforge.net>
Date: Fri, 20 Jun 2003 17:02:13 +0000
Subject: Removed the "ViaHeader" directive and replaced it with the
 "ViaProxyName" directive.  The "Via" HTTP header is _required_ by the HTTP
 spec, so the code has been changed to always send the header. However,
 including the proxy's host name could be considered a security threat, so the
 "ViaProxyName" directive is used to set the token sent in the "Via" header. 
 If the directive is not enabled the proxy's host name will be used.

---
 doc/tinyproxy.conf | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'doc')

diff --git a/doc/tinyproxy.conf b/doc/tinyproxy.conf
index 9eacb95..6bc9729 100644
--- a/doc/tinyproxy.conf
+++ b/doc/tinyproxy.conf
@@ -166,11 +166,12 @@ Allow 127.0.0.1
 Allow 192.168.1.0/25
 
 #
-# Control whether the HTTP Via header should be included in requests or
-# responses.  The RFC says it should be there, but it could be a security
-# concern.  The default is off.
+# The "Via" header is required by the HTTP RFC, but using the real host name
+# is a security concern.  If the following directive is enabled, the string
+# supplied will be used as the host name in the Via header; otherwise, the
+# server's host name will be used.
 #
-#ViaHeader On
+ViaProxyName "tinyproxy"
 
 #
 # The location of the filter file.
-- 
cgit v1.2.3