On 17/09/2016 9:05 p.m., --Ahmad-- wrote: > Hi Amos again > > all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy . > > thats all > > i could see that header myself in firefox as : > proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz” > HTTP is a stateless and multiplexed protocol. Firefox only sees the connection between it and the proxy. It cannot see what happens on any of the connection(s) outgoing from the proxy. Note: the proxy may not even be using HTTP to fetch the data it sends back as an HTTP response. If you want to see what Squid is sending upstream the way to do that is to enable "debug_options 11,2" and look for the "Server HTTP" messages in cache.log. They might surprise you. > regarding to the upstream proxy , > do you mean i setup cache peer directive to other proxy and the that header is gone ?? > Certain headers in HTTP are only relevant to a single TCP connection. These are called "hop-by-hop" headers. They get erased on the receiving agent. Different ones containing same or similar content MAY be generated outgoing from that agent, but only if required by that different proxy->upstream TCP connection. The request_header_access rules you configured earlier *only* affect these outgoing proxy requests. Note that they are the ones Firefox *cannot* see. However; * All the Proxy-Auth* headers are hop-by-hop headers. * Proxy-Connection is a long ago obsolete experimental header. So Squid receives it but never sends. You only need those request_header_access rules to remove Proxy-* headers *IF* they are actually being sent out by _Squid_ in that 11,2 debugs trace. Having them sent by Firfox is irrelevant. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users