On Thu, 2008-01-17 at 17:01 +0100, Bourdaraud Vincent (NSN - FR/St-Ouen) wrote: > I'm new to squid. It looks overall pretty good, by I found a show > stopper for our project :( > > We use squid 3.0 STABLE1 compiled with --enable-icap-client and > configured to delegate all HTTP request to our ICAP server. We need > squid to add some information processed by our ICAP server within its > HTTP transaction logs (basically, this information is a user unique ID). > This information is very sensitive and must not be forwarded to > origin-servers. > > I've read FAQ, docs and played with squid and found no solution since > squid is not able to ICAP header and not able to log HTTP headers before > they are removed with header_access rules > > Do you guys have some idea? One hack you could try is to add "Connection: X-FOO" HTTP header in hope that Squid will log and then remove it before forwarding. I have not tried that and do not know whether hop-by-hop headers are removed late enough for this ugly hack to work. If logging and then removing HTTP headers is not possible, then I think we should add a feature to log ICAP response headers. Can your server return the needed information in the ICAP response header instead of the HTTP message header? Thank you, Alex.
