Re: [squid-users] Useragent request/reply headers with squid .
ok if my question is not suitable or dangerous …. i do apologise . i will try to google it myself . Thank you for your time . > On 15 Jun 2019, at 12:41, Antony Stone > wrote: > > On Saturday 15 June 2019 at 11:37:29, --Ahmad-- wrote: > >> Guys im just trying to understand HTTP protocol and squid as GW for >> internet . > > Hm, "understand" or "break" :) ? > >> i just want to know how can squid deal with headers . > > You *have* read the warning / advice at > http://www.squid-cache.org/Doc/config/request_header_access/ > "Doing this VIOLATES the HTTP standard. Enabling this feature could make you > liable for problems which it causes." ? > >> i just want to know how can squid prevent useragent from browser being sent >> to website > > Why? What is your purpose for this? > > > Antony. > > -- > I still maintain the point that designing a monolithic kernel in 1991 is a > fundamental error. Be thankful you are not my student. You would not get a > high grade for such a design :-) > - Andrew Tanenbaum to Linus Torvalds > > Please reply to the list; > please *don't* CC me. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
On Saturday 15 June 2019 at 11:37:29, --Ahmad-- wrote: > Guys im just trying to understand HTTP protocol and squid as GW for > internet . Hm, "understand" or "break" :) ? > i just want to know how can squid deal with headers . You *have* read the warning / advice at http://www.squid-cache.org/Doc/config/request_header_access/ "Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes." ? > i just want to know how can squid prevent useragent from browser being sent > to website Why? What is your purpose for this? Antony. -- I still maintain the point that designing a monolithic kernel in 1991 is a fundamental error. Be thankful you are not my student. You would not get a high grade for such a design :-) - Andrew Tanenbaum to Linus Torvalds Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
On 15/06/19 8:57 pm, --Ahmad-- wrote:
> Hello Folks ,
>
> im trying to disable user agent info to be leaked out of squid using :
>
> request_header_access User-Agent deny all
> reply _header_access User-Agent deny all
>
> squid very 3.5.x
>
>
> but when i test sending the user agent info via curl info it seems squid
> is not removing it and passing it to the server
>
> curl -x x.x.x.x:19000 -U pass:pass -X POST
> https://uploadbeta.com/api/parse-user-agent/ -d
> "s=nUser-Agent:%20Mozilla/4.0%20(compatible;%20MSIE%207.0;%20linux%20NT%206.1)”
>
> result ——> {"platform":"linux","browser":"MSIE","version":"7.0”}
>
>
> as you see above i tried with squid to disable useragent , but in curl
> it seems squid leaked it
>
> any idea why squid leaking useragent ?
Besides what the others have already pointed out; you are also sending a
U-A string as message data. Not in a header.
So there is no way to tell from your test:
* whether the HTTP message available to Squid has a U-A header at all, and
* whether the header is in a form Squid has access to remove
(decrypted), and
* whether the form processor is using the form data or the MIME data
(header)
In short. This test is so incorrect as to not produce even useful side
effects.
I suggest you use cache.log and "debug_options 11,2" to see what
messages and headers are entering and leaving Squid.
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Useragent request/reply headers with squid .
Guys im just trying to understand HTTP protocol and squid as GW for internet . i just want to know how can squid deal with headers . i just want to know how can squid prevent useragent from browser being sent to website Thanks > On 15 Jun 2019, at 12:10, Walter H. wrote: > > On 15.06.2019 10:57, --Ahmad-- wrote: >> >> Hello Folks , >> >> im trying to disable user agent info to be leaked out of squid using : >> >> request_header_access User-Agent deny all >> reply _header_access User-Agent deny all >> >> squid very 3.5.x >> > the reply_header_access is sensless, remove it > and add the following > > request_header_replace User-Agent Mozilla/5.0 > > but be aware the mass of website admins might rely on this, and you would not > get a reply anyway ... > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Useragent request/reply headers with squid .
Hello Folks ,
im trying to disable user agent info to be leaked out of squid using :
request_header_access User-Agent deny all
reply _header_access User-Agent deny all
squid very 3.5.x
but when i test sending the user agent info via curl info it seems squid is not
removing it and passing it to the server
curl -xx.x.x.x:19000-U pass:pass -X POST
https://uploadbeta.com/api/parse-user-agent/ -d
"s=nUser-Agent:%20Mozilla/4.0%20(compatible;%20MSIE%207.0;%20linux%20NT%206.1)”
result ——> {"platform":"linux","browser":"MSIE","version":"7.0”}
as you see above i tried with squid to disable useragent , but in curl it seems
squid leaked it
any idea why squid leaking useragent ?
Thanks
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
