Search squid archive

Re: squid youtube caching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 25/07/2015 12:38 a.m., Yuri Voinov wrote:
> 
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> 
> 24.07.15 18:33, joe пишет:
>> i dont see Strict-Transport-Security  in my log header
>> only alternate-protocol
>> can you post an example link pls
> 

Note that the header may be sent over HTTP or HTTPS connection just once
with a value of up to 68 years. And the domain will be HTTPS from then
on as far as that client is concerned.

Dropping Strict-Transport-Security therefore does nothing useful.

But Squid replacing it with a new value of "max-age=0;
includeSubDomains" will turn off the HSTS in the client for that domain.

Be careful with that though. HSTS is actually a good thing most of the
time. No matter how annoying it is to us proxying.


Regarding Alternate-Protocol;
 The latest Squid will auto-remove *always*. It usually indicates an
protocol experiment taking place by the website being visited (ie Google
and QUIC/SPDY) and does a lot of real damage to network security and
usability in any proxied network.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux