Yes, this hack is working. Thanks for the tip! By the way, logging ICAP response headers would be far cleaner, yes, since hacks tend to stop working with new versions ;) Our server is able to add information within ICAP header (it is its default behavior). Do you think it would be difficult to add this feature to squid? Best regards, Vincent. On Mon, 2008-01-21 at 10:35 -0700, ext Alex Rousskov wrote: > On Thu, 2008-01-17 at 17:01 +0100, Bourdaraud Vincent (NSN - FR/St-Ouen) > wrote: > > > I'm new to squid. It looks overall pretty good, by I found a show > > stopper for our project :( > > > > We use squid 3.0 STABLE1 compiled with --enable-icap-client and > > configured to delegate all HTTP request to our ICAP server. We need > > squid to add some information processed by our ICAP server within its > > HTTP transaction logs (basically, this information is a user unique ID). > > This information is very sensitive and must not be forwarded to > > origin-servers. > > > > I've read FAQ, docs and played with squid and found no solution since > > squid is not able to ICAP header and not able to log HTTP headers before > > they are removed with header_access rules > > > > Do you guys have some idea? > > One hack you could try is to add "Connection: X-FOO" HTTP header in hope > that Squid will log and then remove it before forwarding. I have not > tried that and do not know whether hop-by-hop headers are removed late > enough for this ugly hack to work. > > If logging and then removing HTTP headers is not possible, then I think > we should add a feature to log ICAP response headers. Can your server > return the needed information in the ICAP response header instead of the > HTTP message header? > > Thank you, > > Alex. > >