On 15/06/19 8:57 pm, --Ahmad-- wrote: > Hello Folks , > > im trying to disable user agent info to be leaked out of squid using : > > request_header_access User-Agent deny all > reply _header_access User-Agent deny all > > squid very 3.5.x > > > but when i test sending the user agent info via curl info it seems squid > is not removing it and passing it to the server > > curl -x x.x.x.x:19000 -U pass:pass -X POST > https://uploadbeta.com/api/parse-user-agent/ -d > "s=nUser-Agent:%20Mozilla/4.0%20(compatible;%20MSIE%207.0;%20linux%20NT%206.1)” > > result ——>>>>>>>>> {"platform":"linux","browser":"MSIE","version":"7.0”} > > > as you see above i tried with squid to disable useragent , but in curl > it seems squid leaked it > > any idea why squid leaking useragent ? Besides what the others have already pointed out; you are also sending a U-A string as message data. Not in a header. So there is no way to tell from your test: * whether the HTTP message available to Squid has a U-A header at all, and * whether the header is in a form Squid has access to remove (decrypted), and * whether the form processor is using the form data or the MIME data (header) In short. This test is so incorrect as to not produce even useful side effects. I suggest you use cache.log and "debug_options 11,2" to see what messages and headers are entering and leaving Squid. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
