On 06/07/2013 10:14 AM, CACook@xxxxxxxxxxxxxxx wrote: > On Thursday, June 06, 2013 09:38:41 PM Amos Jeffries wrote: >> On 6/06/2013 5:06 a.m., CACook@xxxxxxxxxxxxxxx wrote: >>> On Friday, May 31, 2013 07:51:08 AM CACook@xxxxxxxxxxxxxxx wrote: >>>> On Wednesday, May 29, 2013 04:20:21 PM CACook@xxxxxxxxxxxxxxx wrote: >>>>> Does anyone know why I can't stay logged in to this site, with headers paranoid? >>>>> http://www.cctvforum.com/ >>>>> >>>>> squid.conf: >>>>> http://pastebin.ca/2384770 >>>>> >>>>> Here's what happens when I give my username and password on the site and try to log in: >>>>> http://pastebin.ca/2385890 >>>> No one knows? >>> Is there anyplace documented where I could learn which header items could be causing the problem? >> >> They key ones are all in here: http://www.ietf.org/rfc/rfc2616.txt >> notice the rules pertaining to proxies and gateways - which headers are >> mandatory for relay, insert or update. >> >> Amos > > I guess I give up. I have no errors in the logs when the failure occurs, so I just can't divine the problem. You need to analyze incoming and outgoing request headers for the transaction(s) that fail. Squid can log them for you. After that, use trial-and-error approach to allow the headers that are critical to that specific site. Repeat for each site that fails to function when you filter headers. This pain is a side-effect of you telling Squid to violate HTTP by not forwarding the headers it must forward. Only you can tell whether that pain is worth the gain in privacy (or whatever it is that you are trying to accomplish by stripping headers), of course. HTH, Alex.
