Search squid archive

Re: Does squid generates/adds additional HTTP headers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/07/17 04:36, Sonya Roy wrote:
As Alex mentioned its not possible to do with squid. I modified the squid source code to do this a month ago. Its not hard to do, you will only need to modify http.cc and client_side.cc a bit.


What you did and what avi_h is asking about does not match what avi_h says they want to happen.


On 12/07/17 07:00, avi_h wrote:
> make
> some server(s) think that the
> request is coming directly from a user agent



Even sending the entire HTTP headers as-is through to the server cannot prevent proxy detection if the server is actively trying to detect it. Some naive services look only at the headers, others inject code into the client to scan the Browsers view of the network environment and send that back to the server for comparison of what the server environment contains - yelling "proxy" if anything appears different, regardless of whether a proxy actually exists.


So as Alex hinted but did not state - what would help is info about the specific websites/services one is trying to work around. Narrowing the problem down to certain sites, and what behaviour you want to stop them having would be a great first step.


FWIW; in my experience most of the real traffic problems are not caused by proxy detection at all. That seems to be purely users/admin getting thrown off by other equally broken problem-detection websites, or blaming the proxy when something else is causing problems.

The real problem is usually servers dying in horrible ways when unexpected HTTP headers are given to them - even fully standardized headers like Via (RFC 2068, 2616, 7231) with standard values is beyond some server scripts ability to parse.

Not many web dev seems to understand that HTTP headers can contain arbitrary-length comments. "via off" is not so much preventing the proxy causing problems, but preventing clients behind the proxy injecting bogus XSS code into the server script through it - by granting any attacker more complete anonimity to do other attacks.

(sorry for the rant - I'm just tired of people thinking that hiding their proxy actually helps).

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux