[squid-users] Add header to HTTPS requests

Thu May 20 05:52:05 UTC 2021

Thanks Franchesco. If there are any samples that you know of I would sincerely appreciate. 🙂

Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Francesco Chemolli <gkinkie at gmail.com>
Sent: Wednesday, May 19, 2021 10:46 PM
To: Aniruddha Gore
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Add header to HTTPS requests

On Thu, May 20, 2021 at 2:05 AM Aniruddha Gore <agnrie at hotmail.com<mailto:agnrie at hotmail.com>> wrote:
Hello folks, I am using Squid as a simple [forward] proxy and was wondering if it is feasible and advised to add custom headers to HTTPS requests?

Hi Ainiruddha,
  feasible, yes. Advised, maybe.

I think I can achieve it using ssl_bump but I am still teaching myself about it. However, it seems to help more with examining HTTPS requests than modifying them.

That's actually the only way to do it. The whole point of https is to prevent intermediaries (such as squid) from seeing the contents of the requests and meddle with them. sslbump breaks that assumption

I also came across a stern warning at https://wiki.squid-cache.org/Features/HTTPS<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.squid-cache.org%2FFeatures%2FHTTPS&data=04%7C01%7C%7C6137554eece347cf64d008d91b529264%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637570863715009526%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1RWirW4tVR83LpuwuMql5jnN61lUOF7DHci%2B6qZjvB0%3D&reserved=0> and was wondering if what I want to do is even advised 🙂

It really depends on your context and objectives. For sure it can be pretty informative, if your objective is to learn how http works to the wire.

--
    Francesco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210520/e1a1c73f/attachment-0001.htm>