[squid-users] HTTPS and Headers

Alex Rousskov rousskov at measurement-factory.com
Thu Jul 21 16:37:01 UTC 2016


On 07/21/2016 10:33 AM, Alex Rousskov wrote:
> On 07/21/2016 12:41 AM, FredB wrote:
>> when I try to put some new headers it works only with an HTTP website
>>
>> I can't do that ? What are the limitations ?


> If you are intercepting SSL traffic, then you can do nothing today and
> will be able to do nothing forever [unless you bump it].

Actually, this is wrong -- if you [teach Squid to] forward intercepted
SSL traffic to a regular cache peer (which is not pretending to be an
origin server), then you can still use extension CONNECT headers between
your Squid and that cache peer as discussed below.

> If you are using an explicit forward proxy, then you can do nothing
> [reliably] today, but it is possible to teach Squid to obey various
> header-adding/mangling directives when sending CONNECT requests to cache
> peers. After those enhancements, you would be able to pass information
> from one proxy to another as an extension CONNECT header field(s). That
> information will be passed in clear text though.


HTH,

Alex.



More information about the squid-users mailing list