On 30.01.17 12:09, Andrea Venturoli wrote:
The answer to a direct connection (or to Squid with "forwarded_for
transparent") is:
HTTP/1.1 303 See other
Date: Mon, 30 Jan 2017 09:56:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=wwwwwwwwwww; path=/
Set-Cookie: yyyyyyyyyyyyyy=zzzzzzzzzzzzz; path=/; HttpOnly
Location: http://www.xxxxxxx.com/md/it/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
The answer to Squid without "forwarded_for transparent") is:
HTTP/1.1 200 OK
Date: Mon, 30 Jan 2017 09:33:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=vvvvvvvvvvvvvvvvvvvvvv; path=/
Content-Length: 0
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/html
The site is a commercial one and, altough it features a reserved
area, I don't see any point in loosing visibility to corporate users.
Also the webserver belongs to a famous ISP which should also hosts
thousands of other sites, so I guess it should have nothing fancy.
Anyone can shed some light on this behaviour?
it's quite common that some pages break on x-forwarded-for header.
It's mostly fault of those pages, not clients or webserver.
Is this Squid's fault (I don't think so, but I'll just ask)?
no
Is this a known bug in some version of Apache or PHP or whatever?
no
Is it dangerous to keep "forwarded_for transparent" in my config?
might be, if you let private internal data to pass out.
you should study what does the directive do and decide what to do with XFF
header. See:
http://www.squid-cache.org/Doc/config/forwarded_for/
if there's possibility of contacting the page owner with a complaint, do that.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users