Yes that is much easier, thank you.
--
Rafaels line is response header, I received the same. Here is the related cachelog:
2016/06/27 13:52:49.194 kid1| 11,2| http.cc(2235) sendRequest: HTTP Server REQUEST:
GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/50.0.2661.102 Chrome/50.0.2661.102 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: tr,en-US;q=0.8,en;q=0.6
...
Host: www.flickr.com
Via: 1.1 ubuntuozgen (squid/3.5.19)
Surrogate-Capability: ubuntuozgen="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: ::1
Cache-Control: max-age=0
Connection: keep-alive
..
2016/06/27 13:52:49.477 kid1| 11,2| http.cc(751) processReplyHeader: HTTP Server REPLY:
---------
HTTP/1.1 301 Moved Permanently
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Served-By: pprd1-node552-lh1.manhattan.bf1.yahoo.com
X-Instance: flickr.v1.production.manhattan.bf1.yahoo.com
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
X-Request-Id: 36e709a2
Location: https://www.flickr.com/
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 102
Server: ATS
Date: Mon, 27 Jun 2016 10:52:40 GMT
Age: 0
Via: http/1.1 fts111.flickr.bf1.yahoo.com (ApacheTrafficServer [cMs f ]), http/1.1 r11.ycpi.dea.yahoo.net (ApacheTrafficServer [cMs f ])
Connection: keep-alive
..
And this repeats on and on. As I understand disabling Via header is an acceptable solution. If I could disable the header only for problematic domains that would be better of course.
Thank you all.
On Mon, Jun 27, 2016 at 1:39 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 27/06/2016 9:04 p.m., Ozgur Batur wrote:
> Hello Amos,
>
> This is the via header sent by my local proxy as part of the request.
> *Via: 1.1 ubuntuozgen (squid/3.5.19)*
>
> It is not fqdn but ubuntu concatanated with a Turkish name so it is highly
> unlikely that yahoo have such named reverse proxy. I could not decrypt the
> squid <--> flicker traffic yet this is from pcap output from another http
> site but i think it should be same right?
Yes pcap (with full packet data) should contain the same needed details
yes. cache.log with debug level 11,2 is the easier way to get the
headers though since the crypto is removed by Squid.
Amos
H Özgür Batur
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users