[squid-users] HTTPS and Headers
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 21 07:11:04 UTC 2016
On 21/07/2016 6:41 p.m., FredB wrote:
> Hello,
>
> I wonder what headers can be see by squid with a SSL website ? Without SSLBump of course
> In my logs I'm seeing User-Agent, Proxy-Authorization and some others but when I try to put some new headers it works only with an HTTP website
>
> I can't do that ? What are the limitations ?
>
> My goal is to mark in logs a specific information from a user for all proxies (proxy chaining)
>
What can be expected to sometimes happen are:
All the RFC 7230 headers (Host, Connection, TE, Transfer-Encoding, Via,
Date, Forwarded, etc) which are defined for negotiating the Transport
itself can be expected *if* the sending agent supports those mechanisms.
The RFC 7231 control headers (Upgrade, etc) which determine application
specific changes to the transport.
The RFC 7235 Proxy-Auth* headers which authenticate the transport hop.
For example; The Squid generated CONNECT for bypassing bumping and
unsupported protocols only sends Host. Browser and other UA send a lot more.
The User-Agent line is optional. I expect that will disappear when
browsers get a lot more onboard with privacy concerns.
The other headers defined for HTTP which usually define or negotiate the
data content of messages, or custom header from web applications can all
be expected to be absent.
eg. Accept-* and Content-*, Cookie, Set-Cookie, WWW-Auth* etc.
Amos
More information about the squid-users
mailing list