[squid-users] squid youtube caching
Amos Jeffries
squid3 at treenet.co.nz
Fri Jul 24 15:15:15 UTC 2015
On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
>
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>
> 24.07.15 18:33, joe пишет:
>> i dont see Strict-Transport-Security in my log header
>> only alternate-protocol
>> can you post an example link pls
>
Note that the header may be sent over HTTP or HTTPS connection just once
with a value of up to 68 years. And the domain will be HTTPS from then
on as far as that client is concerned.
Dropping Strict-Transport-Security therefore does nothing useful.
But Squid replacing it with a new value of "max-age=0;
includeSubDomains" will turn off the HSTS in the client for that domain.
Be careful with that though. HSTS is actually a good thing most of the
time. No matter how annoying it is to us proxying.
Regarding Alternate-Protocol;
The latest Squid will auto-remove *always*. It usually indicates an
protocol experiment taking place by the website being visited (ie Google
and QUIC/SPDY) and does a lot of real damage to network security and
usability in any proxied network.
Amos
More information about the squid-users
mailing list