Hi Amos thanks for the reply so indeed I’m only interested with connection between the proxy and the website that I’m visiting . all what I’m care is the website i visit don’t see any headers that indicate that I’m coming from a proxy i also tried with x-cache-header but i still see it in my firefox . i have final question can i have squid proxy that the website that i visit see it exactly as I’m using socks5 ??? i believe socks5 is not seen at all and don’t leak any headers i hope so cheers > On Sep 17, 2016, at 12:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > On 17/09/2016 9:05 p.m., --Ahmad-- wrote: >> Hi Amos again >> >> all what i need is the proxy authorization header get removed since some websites will ban may proxy incase there were any headers that comes with the proxy . >> >> thats all >> >> i could see that header myself in firefox as : >> proxy-authorization "Basic ZHJ2aXJ1czpkcnZpcnVz” >> > > HTTP is a stateless and multiplexed protocol. > > Firefox only sees the connection between it and the proxy. It cannot see > what happens on any of the connection(s) outgoing from the proxy. > > Note: the proxy may not even be using HTTP to fetch the data it sends > back as an HTTP response. > > If you want to see what Squid is sending upstream the way to do that is > to enable "debug_options 11,2" and look for the "Server HTTP" messages > in cache.log. They might surprise you. > > >> regarding to the upstream proxy , >> do you mean i setup cache peer directive to other proxy and the that header is gone ?? >> > > Certain headers in HTTP are only relevant to a single TCP connection. > These are called "hop-by-hop" headers. > > They get erased on the receiving agent. Different ones containing same > or similar content MAY be generated outgoing from that agent, but only > if required by that different proxy->upstream TCP connection. > > The request_header_access rules you configured earlier *only* affect > these outgoing proxy requests. Note that they are the ones Firefox > *cannot* see. > > However; > * All the Proxy-Auth* headers are hop-by-hop headers. > > * Proxy-Connection is a long ago obsolete experimental header. So Squid > receives it but never sends. > > You only need those request_header_access rules to remove Proxy-* > headers *IF* they are actually being sent out by _Squid_ in that 11,2 > debugs trace. Having them sent by Firfox is irrelevant. > > Amos > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
