Re: [squid-users] Useragent request/reply headers with squid .
ok if my question is not suitable or dangerous …. i do apologise . i will try to google it myself . Thank you for your time . > On 15 Jun 2019, at 12:41, Antony Stone > wrote: > > On Saturday 15 June 2019 at 11:37:29, --Ahmad-- wrote: > >> Guys im just trying to understand HTTP protocol and squid as GW for >> internet . > > Hm, "understand" or "break" :) ? > >> i just want to know how can squid deal with headers . > > You *have* read the warning / advice at > http://www.squid-cache.org/Doc/config/request_header_access/ > "Doing this VIOLATES the HTTP standard. Enabling this feature could make you > liable for problems which it causes." ? > >> i just want to know how can squid prevent useragent from browser being sent >> to website > > Why? What is your purpose for this? > > > Antony. > > -- > I still maintain the point that designing a monolithic kernel in 1991 is a > fundamental error. Be thankful you are not my student. You would not get a > high grade for such a design :-) > - Andrew Tanenbaum to Linus Torvalds > > Please reply to the list; > please *don't* CC me. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
On Saturday 15 June 2019 at 11:37:29, --Ahmad-- wrote: > Guys im just trying to understand HTTP protocol and squid as GW for > internet . Hm, "understand" or "break" :) ? > i just want to know how can squid deal with headers . You *have* read the warning / advice at http://www.squid-cache.org/Doc/config/request_header_access/ "Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes." ? > i just want to know how can squid prevent useragent from browser being sent > to website Why? What is your purpose for this? Antony. -- I still maintain the point that designing a monolithic kernel in 1991 is a fundamental error. Be thankful you are not my student. You would not get a high grade for such a design :-) - Andrew Tanenbaum to Linus Torvalds Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
On 15/06/19 8:57 pm, --Ahmad-- wrote: > Hello Folks , > > im trying to disable user agent info to be leaked out of squid using : > > request_header_access User-Agent deny all > reply _header_access User-Agent deny all > > squid very 3.5.x > > > but when i test sending the user agent info via curl info it seems squid > is not removing it and passing it to the server > > curl -x x.x.x.x:19000 -U pass:pass -X POST > https://uploadbeta.com/api/parse-user-agent/ -d > "s=nUser-Agent:%20Mozilla/4.0%20(compatible;%20MSIE%207.0;%20linux%20NT%206.1)” > > result ——> {"platform":"linux","browser":"MSIE","version":"7.0”} > > > as you see above i tried with squid to disable useragent , but in curl > it seems squid leaked it > > any idea why squid leaking useragent ? Besides what the others have already pointed out; you are also sending a U-A string as message data. Not in a header. So there is no way to tell from your test: * whether the HTTP message available to Squid has a U-A header at all, and * whether the header is in a form Squid has access to remove (decrypted), and * whether the form processor is using the form data or the MIME data (header) In short. This test is so incorrect as to not produce even useful side effects. I suggest you use cache.log and "debug_options 11,2" to see what messages and headers are entering and leaving Squid. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
Guys im just trying to understand HTTP protocol and squid as GW for internet . i just want to know how can squid deal with headers . i just want to know how can squid prevent useragent from browser being sent to website Thanks > On 15 Jun 2019, at 12:10, Walter H. wrote: > > On 15.06.2019 10:57, --Ahmad-- wrote: >> >> Hello Folks , >> >> im trying to disable user agent info to be leaked out of squid using : >> >> request_header_access User-Agent deny all >> reply _header_access User-Agent deny all >> >> squid very 3.5.x >> > the reply_header_access is sensless, remove it > and add the following > > request_header_replace User-Agent Mozilla/5.0 > > but be aware the mass of website admins might rely on this, and you would not > get a reply anyway ... > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Useragent request/reply headers with squid .
Hello Folks , im trying to disable user agent info to be leaked out of squid using : request_header_access User-Agent deny all reply _header_access User-Agent deny all squid very 3.5.x but when i test sending the user agent info via curl info it seems squid is not removing it and passing it to the server curl -xx.x.x.x:19000-U pass:pass -X POST https://uploadbeta.com/api/parse-user-agent/ -d "s=nUser-Agent:%20Mozilla/4.0%20(compatible;%20MSIE%207.0;%20linux%20NT%206.1)” result ——> {"platform":"linux","browser":"MSIE","version":"7.0”} as you see above i tried with squid to disable useragent , but in curl it seems squid leaked it any idea why squid leaking useragent ? Thanks ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users