Search squid archive

Re: Blocking or allowing specific arbitrary request headers in squid-3.1.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 16 Mar 2010 14:06:59 +0000, Graham Keeling <graham@xxxxxxxxxxxx>
wrote:
> Hello,
> 
> In older versions of squid, I was able to block or allow specific
arbitrary
> request headers. For example:
> 
> header_access X-SomeRandomHeaderA allow all
> header_access X-SomeRandomHeaderB deny all
> 
> In squid-3.1 (and 3.0, I think), the equivalent of header_access for
> request
> headers is now request_header_access.
> 
> But if I try this, squid gets upset and doesn't start:
> request_header_access X-SomeRandomHeaderA allow all

"allow all" is the default. You can ignore those settings.

> request_header_access X-SomeRandomHeaderB deny all
> 
> It says:
> 2010/03/16 13:55:19| parse_http_header_access: unknown header name
> 'X-SomeRandomHeaderA'
> 
> So, it seems that you can only add headers that squid knows about
> internally.
> Which is what this page says:
> http://www.squid-cache.org/Doc/config/request_header_access/
> 
> 	You can only specify known headers for the header name.
> 	Other headers are reclassified as 'Other'. You can also
> 	refer to all the headers with 'All'.
> 
> I could use 'Other', but it means that I have to treat all unknown
headers
> in the same way. Unless I'm missing something.
> 
> 
> So, can anybody tell me how to block or allow specific arbitrary request
> headers in squid-3.1?
> 

Not possible in Squid-3. Removing random headers is a violation of HTTP
protocol and can seriously break things when not understood.

If you can present to us some information about these special headers that
shows they are in fact deserving of stripping, we can add them.

There is always the eCAP/ICAP filtering add-on interface now available for
local control.


Rant:  I for one got tired of handling complaints because application X
would not work through Squid when the admin stripped away all it's
proprietary headers.


Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux