Folks:

The analysis of the APT techniques used by Kissmetrics (at
http://www.wired.com/epicenter/2011/07/undeletable-cookie/) is interesting
if thin, and suggests one way that Squid might be leveraged to interfere
with such tracking: deleting the "Etag:" header from request replies.

I know having the proxy fiddle with HTTP reply headers is against the HTTP
protocol, and that the reply_header_access option only allows fine-grain
manipulation of registered HTTP headers, and that this is fraught with the
potential for devolving into a game of whack-a-mole, but it seems to me
that this should at least be explored, and may be an argument for opening
the reply_header_access option up to fine-grain manipulation of any
arbitrary HTTP header.

I do know that right now I would sure like to be able to do:

reply_header_access Etag deny all

without hacking the Squid sources to add the "Etag" header...

Comments?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@xxxxxxxxxx FALaholic #11174 pgpk -a jhardin@xxxxxxxxxx
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If guns kill people, then...
-- pencils miss spel words.
-- cars make people drive drunk.
-- spoons make people fat.
-----------------------------------------------------------------------
3 days until the 276th anniversary of John Peter Zenger's acquittal
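The mechanism John is describing and the mitigation he proposes, as an added example that is not part of the original post or of Squid: a constructed tracker that identifies returning clients by the ETag they echo back in If-None-Match, a stand-in browser, and a proxy-side filter that drops the ETag from replies the way `reply_header_access ETag deny all` would. All names and values are constructed for the simulation.

```python
import itertools

class TrackingServer:
    """Constructed stand-in for a tracker: a unique ETag per new visitor,
    returning visitors recognised by the If-None-Match they echo back."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.seen = {}  # ETag value -> number of requests that carried it

    def respond(self, request_headers):
        etag = request_headers.get("If-None-Match")
        if etag not in self.seen:  # None or unknown: mint a fresh identifier
            etag = '"visitor-%d"' % next(self._ids)  # constructed value
            self.seen[etag] = 0
        self.seen[etag] += 1
        return {"ETag": etag, "Cache-Control": "private"}

def strip_headers(headers, names):
    """Proxy-side filter: drop the named reply headers, which is what
    'reply_header_access ETag deny all' would do (names are case-insensitive)."""
    names = {n.lower() for n in names}
    return {k: v for k, v in headers.items() if k.lower() not in names}

class Browser:
    """Minimal client: caches the last ETag per URL and sends it back as
    If-None-Match on the next request, as real browsers do."""
    def __init__(self):
        self.cache = {}

    def request(self, url, server, proxy_filter=None):
        headers = {}
        if url in self.cache:
            headers["If-None-Match"] = self.cache[url]
        reply = server.respond(headers)
        if proxy_filter is not None:
            reply = proxy_filter(reply)  # the proxy sits between server and client
        if "ETag" in reply:
            self.cache[url] = reply["ETag"]
        return reply

def visits_linked(n_visits, strip_etag):
    """True if the tracker can attribute all n_visits to one visitor."""
    server, browser = TrackingServer(), Browser()
    filt = (lambda h: strip_headers(h, ["ETag"])) if strip_etag else None
    for _ in range(n_visits):
        browser.request("/track.gif", server, filt)
    return max(server.seen.values()) == n_visits
```

The cost of the filter is that clients can no longer revalidate those objects with If-None-Match, so every repeat fetch is a full transfer; applying the same filter to If-None-Match on the request side closes the loop for clients that already hold an ETag.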