[squid-users] proxy authorization header remover from 3.5.x squid

--Ahmad-- ahmed.zaeem at netstream.ps
Sat Sep 17 09:05:18 UTC 2016


Hi Amos again 

all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy .

thats all

i could see that header myself in firefox as :
proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz”

regarding to the upstream proxy , 
do you mean i setup cache peer directive to other proxy and the that header is gone ??

thanks 
> On Sep 4, 2016, at 6:41 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 5/09/2016 3:31 a.m., Ahmed Alzaeem wrote:
>> hi amos I’m curious to have my proxies not being detected from others .
>> 
> 
> Then you choose to make your clients and network internal structore
> entirely visible to the upstream servers.
> 
> You can hide your network structure and clients, or you can hide the
> proxy. Not both.
> 
> 
>> thats all .
>> 
>> i already tried the header access directive 
>> request_header_access Proxy-Connection deny  all
>> request_header_access Proxy-Authorization deny all
>> request_header_access Proxy-Authenticate deny  all
>> 
>> 
>> but i still see the header 
>> 
> 
> Er. Those are hop-by-hop headers.
> 
> * Proxy-Connection is an experimental header that has not had any
> meaningful use since Netscape Navigator 4.x died out.
> 
> * Squid removes the Auth related headers on upstream connections unless
> you configure Squid to authenticate against the upstream server or proxy
> the message is going to. see RFC 7235 for details on that.
> 
> * requests on the client->Squid connection are not under your control.
> They are generated by the client.
> 
> 
> Also, you said "my proxy which has usr/pwd using basic_ncsa auth".
> That means you have proxy authentication configured to happen. A forward
> proxy can only do HTTP authentication with the use of Proxy-Auth* headers.
> 
> Amos
> 
> 
>> 
>> thank you 
>> 
>>> On Sep 3, 2016, at 4:53 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>> 
>>> On 3/09/2016 9:18 p.m., --Ahmad-- wrote:
>>>> hi squid users ,
>>>> I’m looking for the directive that will remove 
>>>> proxy authorization header 
>>>> 
>>>> when i analyze my proxy which has usr/pwd using basic_ncsa auth 
>>>> 
>>>> it still show that header 
>>>> 
>>>> not sure  the directive to remove that header .
>>>> 
>>>> ?
>>> 
>>> I don't understand why authentication happening would be a problem after
>>> you configured it to happen.
>>> 
>>> Can you describe the problem in a bit more detail please?
>>> 
>>> Amos
>>> 
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users <http://lists.squid-cache.org/listinfo/squid-users>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160917/03508a74/attachment-0001.html>


More information about the squid-users mailing list