[squid-users] proxy authorization header remover from 3.5.x squid

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 17 09:35:28 UTC 2016


On 17/09/2016 9:05 p.m., --Ahmad-- wrote:
> Hi Amos again 
> 
> all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy .
> 
> thats all
> 
> i could see that header myself in firefox as :
> proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz”
> 

HTTP is a stateless and multiplexed protocol.

Firefox only sees the connection between it and the proxy. It cannot see
what happens on any of the connection(s) outgoing from the proxy.

Note: the proxy may not even be using HTTP to fetch the data it sends
back as an HTTP response.

If you want to see what Squid is sending upstream the way to do that is
to enable "debug_options 11,2" and look for the "Server HTTP" messages
in cache.log. They might surprise you.


> regarding to the upstream proxy , 
> do you mean i setup cache peer directive to other proxy and the that header is gone ??
> 

Certain headers in HTTP are only relevant to a single TCP connection.
These are called "hop-by-hop" headers.

They get erased on the receiving agent. Different ones containing same
or similar content MAY be generated outgoing from that agent, but only
if required by that different proxy->upstream TCP connection.

The request_header_access rules you configured earlier *only* affect
these outgoing proxy requests. Note that they are the ones Firefox
*cannot* see.

However;
* All the Proxy-Auth* headers are hop-by-hop headers.

* Proxy-Connection is a long ago obsolete experimental header. So Squid
receives it but never sends.

You only need those request_header_access rules to remove Proxy-*
headers *IF* they are actually being sent out by _Squid_ in that 11,2
debugs trace. Having them sent by Firfox is irrelevant.

Amos



More information about the squid-users mailing list