True ,most secure sites set their cookies over HTTPS. On Tue, Jan 18, 2011 at 4:52 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 19/01/11 01:44, Alexander Curvers wrote: >> >> thanks for your response Amos, >> >> >> 2011/1/18 Amos Jeffries<squid3@xxxxxxxxxxxxx>: >>> >>> On 18/01/11 21:04, Hasanen AL-Bana wrote: >>>> >>>> don't you have to define ACL first ? >>> >>> "all" shoudld be in the 2.7 config anyways. >>> >> not exactly sure what you mean by this > > A squid-2.7 which lacks the line "acl all src all" is broken and Squid won't > start. > >>>> >>>> On Tue, Jan 18, 2011 at 1:23 AM, Alexander Curvers<acurvers@xxxxxxxxx> >>>> wrote: >>>>> >>>>> Hi i am running Version 2.7.STABLE3 on Debian >>>>> >>>>> im trying to block cookies >>>>> >>>>> ive added these lines to my config (and reloaded) >>>>> >>>>> header_access Cookie deny all >>>>> header_access Set-Cookie deny all >>>>> >>>>> but no effect... what am i missing? >>>>> >>> >>> Check if the site is using Set-Cookie2 or Cookie2 headers. 2.7 does not >>> support them. >>> >>> Otherwise the site is using some non-header way of setting the cookies. >>> They >>> can be set via HTML tags or any one of a dozen scripting languages or any >>> number of browser plugins and downloadable code. All of which are outside >>> Squid's control. >>> >> >> i could check using firebug or another plugin to see the cookie >> headers.. the site i tried was google and gmail and some random cookie >> test sites >> if its using Cookie2 headers i might block them using a regex filter >> or something even in 2.7 ? > > Ah, gmail. If it's on their HTTPS pages Squid does not see any of the the > actual transaction headers. Just a few on the CONNECT tunnel. > > > If it is Cookie2 you will have to port a simple 6-line patch and rebuild > your Squid > http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10174.patch > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.10 > Beta testers wanted for 3.2.0.4 >
