[squid-users] squid youtube caching

Yuri Voinov yvoinov at gmail.com
Fri Jul 24 15:34:25 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 


24.07.15 21:15, Amos Jeffries пишет:
> On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
>>
>> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>
>> 24.07.15 18:33, joe пишет:
>>> i dont see Strict-Transport-Security  in my log header
>>> only alternate-protocol
>>> can you post an example link pls
>>
>
> Note that the header may be sent over HTTP or HTTPS connection just once
> with a value of up to 68 years. And the domain will be HTTPS from then
> on as far as that client is concerned.
>
> Dropping Strict-Transport-Security therefore does nothing useful.
In my setup it works for Chrome when user type "youtube.com" in command
line. Browser goes into http. Always.
>
>
> But Squid replacing it with a new value of "max-age=0;
> includeSubDomains" will turn off the HSTS in the client for that domain.
Which Squid?
>
>
> Be careful with that though. HSTS is actually a good thing most of the
> time. No matter how annoying it is to us proxying.
This is security illusion. Which is more bad than insecure.
>
>
>
> Regarding Alternate-Protocol;
>  The latest Squid will auto-remove *always*. It usually indicates an
> protocol experiment taking place by the website being visited (ie Google
> and QUIC/SPDY) and does a lot of real damage to network security and
> usability in any proxied network.
No network security during DPI. So, all of this things is meaningless. IMHO.

All usability we are need - HTTP does.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJVslsBAAoJENNXIZxhPexGRK0H/0Y4ga/K6aNbYKLMaLFgcMmC
UjZ5MbI4EqftW6z2Yn4G2RoQp3BjoZuKRbdzIDkzpqZJnc4MfoeqlCHlcfCyV7S0
v/qeygrh8BycU/VNZzCnZn8xVq32MfhO8l6A4yI/d4OW0yEBG1m9bHgykB0+cvLo
U1w7oUc8j6CJ0AAxCpvux5ZFidf/E4zbvR1/RDhaOlRe0hx39K6ErUjrqiAjtiii
4AMneYgXn5LGD6LOwTumP7Zw4H4PklmeIlgLULK/Fr9f7m3OuPOcWBl1w4t/V+Xm
cxDfp4ewdVDbhwHNdu+GXP4JaQsuBxk+bYMNArDQtyzNY6h3OaDoURkse0eW6kM=
=5Rui
-----END PGP SIGNATURE-----

More information about the squid-users mailing list