[squid-users] proxy authorization header remover from 3.5.x squid
--Ahmad--
ahmed.zaeem at netstream.ps
Sat Sep 17 09:41:03 UTC 2016
Hi Amos thanks for the reply
so indeed I’m only interested with connection between the proxy and the website that I’m visiting .
all what I’m care is the website i visit don’t see any headers that indicate that I’m coming from a proxy
i also tried with x-cache-header but i still see it in my firefox .
i have final question
can i have squid proxy that the website that i visit see it exactly as I’m using socks5 ???
i believe socks5 is not seen at all and don’t leak any headers
i hope so
cheers
> On Sep 17, 2016, at 12:35 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 17/09/2016 9:05 p.m., --Ahmad-- wrote:
>> Hi Amos again
>>
>> all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy .
>>
>> thats all
>>
>> i could see that header myself in firefox as :
>> proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz”
>>
>
> HTTP is a stateless and multiplexed protocol.
>
> Firefox only sees the connection between it and the proxy. It cannot see
> what happens on any of the connection(s) outgoing from the proxy.
>
> Note: the proxy may not even be using HTTP to fetch the data it sends
> back as an HTTP response.
>
> If you want to see what Squid is sending upstream the way to do that is
> to enable "debug_options 11,2" and look for the "Server HTTP" messages
> in cache.log. They might surprise you.
>
>
>> regarding to the upstream proxy ,
>> do you mean i setup cache peer directive to other proxy and the that header is gone ??
>>
>
> Certain headers in HTTP are only relevant to a single TCP connection.
> These are called "hop-by-hop" headers.
>
> They get erased on the receiving agent. Different ones containing same
> or similar content MAY be generated outgoing from that agent, but only
> if required by that different proxy->upstream TCP connection.
>
> The request_header_access rules you configured earlier *only* affect
> these outgoing proxy requests. Note that they are the ones Firefox
> *cannot* see.
>
> However;
> * All the Proxy-Auth* headers are hop-by-hop headers.
>
> * Proxy-Connection is a long ago obsolete experimental header. So Squid
> receives it but never sends.
>
> You only need those request_header_access rules to remove Proxy-*
> headers *IF* they are actually being sent out by _Squid_ in that 11,2
> debugs trace. Having them sent by Firfox is irrelevant.
>
> Amos
>
More information about the squid-users
mailing list