[squid-users] ACL reply_header_access

creditu at eml.cc creditu at eml.cc
Thu Dec 5 00:29:51 UTC 2019

We have been using several squid servers in accelerator mode for a number of years mainly for load balancing to send public requests to backend servers.  The requests to the squids typically come via a well known commercial  caching service.   The squids don't do any caching, they just forward requests to the backend.

I need to remove the  X-Content-Type-Options: nosniff reply header when it's only going to a specific service that queries our web farm.

I believe I can remove it from all replies by using reply_header_access X-Content-Type-Options deny all.  But, I need an ACL that will only remove it from those responses going to that service (client).  

I'm used to writing ACLs based on Internet to our farm requests not the outbound to the clients.  I'm having trouble getting my head around the logic on the acl directives to use.  Do I need to look at the reply headers and craft the ACL based on that?   Can you write and ACL based on the original request from the client?   

What I'd like to be able to do is write a acl that does not send back the X-Content-Type header to the client that requested: https://www.example.com/sound/ID/text/abcde.txt.  

More information about the squid-users mailing list