[squid-users] Adding an extra header to TLS connection
Alex Rousskov
rousskov at measurement-factory.com
Thu May 23 15:49:10 UTC 2024
On 2024-05-22 03:49, Robin Wood wrote:
> I'm trying to work out how to add an extra header to a TLS connection.
I assume that you want to add a header field to an HTTP request or
response that is being transmitted inside a TLS connection between a TLS
client (e.g., a user browser) and an HTTPS origin server.
Do you control the client that originates that TLS connection (or its
OS/environment) or the origin server? If you do not, then what you want
is impossible -- TLS encryption exists, in part, to prevent such traffic
modifications.
If you control the client that originates that TLS connection (or its
OS/environment), then you may be able to, in _some_ cases, add that
header by configuring the client (or its OS/environment) to trust you as
a Certificate Authority, minting your own X509 certificates, and
configuring Squid to perform a "man in the middle" attack on
client-server traffic, using your minted certificates. You can search
for Squid SslBump to get more information about this feature, but the
area is full of insurmountable difficulties and misleading advice. Avoid
it if at all possible!
HTH,
Alex.
> I've found information on how to do it on what I think is the pre-3.5
> release, but I can't find any useful information on doing it on the
> current version.
>
> Could someone give me an example or point me at some documentation on
> how to do it.
>
> Thanks
>
> Robin
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list