On 21/07/2016 6:41 p.m., FredB wrote: > Hello, > > I wonder what headers can be see by squid with a SSL website ? Without SSLBump of course > In my logs I'm seeing User-Agent, Proxy-Authorization and some others but when I try to put some new headers it works only with an HTTP website > > I can't do that ? What are the limitations ? > > My goal is to mark in logs a specific information from a user for all proxies (proxy chaining) > What can be expected to sometimes happen are: All the RFC 7230 headers (Host, Connection, TE, Transfer-Encoding, Via, Date, Forwarded, etc) which are defined for negotiating the Transport itself can be expected *if* the sending agent supports those mechanisms. The RFC 7231 control headers (Upgrade, etc) which determine application specific changes to the transport. The RFC 7235 Proxy-Auth* headers which authenticate the transport hop. For example; The Squid generated CONNECT for bypassing bumping and unsupported protocols only sends Host. Browser and other UA send a lot more. The User-Agent line is optional. I expect that will disappear when browsers get a lot more onboard with privacy concerns. The other headers defined for HTTP which usually define or negotiate the data content of messages, or custom header from web applications can all be expected to be absent. eg. Accept-* and Content-*, Cookie, Set-Cookie, WWW-Auth* etc. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
