[squid-users] proxy authorization header remover from 3.5.x squid

--Ahmad-- ahmed.zaeem at netstream.ps
Sat Sep 17 09:41:03 UTC 2016 

Hi Amos thanks for the reply 

so indeed I’m only interested with connection between the proxy and the website that I’m visiting .

all what I’m care is the website i visit don’t see any headers that indicate that I’m coming from a proxy 

i also tried with x-cache-header but i still see it in my firefox .

i have final question 

can i have squid proxy that the website that i visit see it exactly as I’m using socks5 ???

i believe socks5 is not seen at all and don’t leak any headers

i hope so


cheers 
> On Sep 17, 2016, at 12:35 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 17/09/2016 9:05 p.m., --Ahmad-- wrote:
>> Hi Amos again 
>> 
>> all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy .
>> 
>> thats all
>> 
>> i could see that header myself in firefox as :
>> proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz”
>> 
> 
> HTTP is a stateless and multiplexed protocol.
> 
> Firefox only sees the connection between it and the proxy. It cannot see
> what happens on any of the connection(s) outgoing from the proxy.
> 
> Note: the proxy may not even be using HTTP to fetch the data it sends
> back as an HTTP response.
> 
> If you want to see what Squid is sending upstream the way to do that is
> to enable "debug_options 11,2" and look for the "Server HTTP" messages
> in cache.log. They might surprise you.
> 
> 
>> regarding to the upstream proxy , 
>> do you mean i setup cache peer directive to other proxy and the that header is gone ??
>> 
> 
> Certain headers in HTTP are only relevant to a single TCP connection.
> These are called "hop-by-hop" headers.
> 
> They get erased on the receiving agent. Different ones containing same
> or similar content MAY be generated outgoing from that agent, but only
> if required by that different proxy->upstream TCP connection.
> 
> The request_header_access rules you configured earlier *only* affect
> these outgoing proxy requests. Note that they are the ones Firefox
> *cannot* see.
> 
> However;
> * All the Proxy-Auth* headers are hop-by-hop headers.
> 
> * Proxy-Connection is a long ago obsolete experimental header. So Squid
> receives it but never sends.
> 
> You only need those request_header_access rules to remove Proxy-*
> headers *IF* they are actually being sent out by _Squid_ in that 11,2
> debugs trace. Having them sent by Firfox is irrelevant.
> 
> Amos
>

More information about the squid-users mailing list