| Index | Alphabetical Index |
Option Name: | request_header_access |
---|---|
Replaces: | |
Requires: | --enable-http-violations |
Default Value: | none |
Suggested Config: |
|
Usage: request_header_access header_name allow|deny [!]aclname ... WARNING: Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes. This option replaces the old 'anonymize_headers' and the older 'http_anonymizer' option with something that is much more configurable. A list of ACLs for each header name allows removal of specific header fields under specific conditions. This option only applies to outgoing HTTP request headers (i.e., headers sent by Squid to the next HTTP hop such as a cache peer or an origin server). The option has no effect during cache hit detection. The equivalent adaptation vectoring point in ICAP terminology is post-cache REQMOD. The option is applied to individual outgoing request header fields. For each request header field F, Squid uses the first qualifying sets of request_header_access rules: 1. Rules with header_name equal to F's name. 2. Rules with header_name 'Other', provided F's name is not on the hard-coded list of commonly used HTTP header names. 3. Rules with header_name 'All'. Within that qualifying rule set, rule ACLs are checked as usual. If ACLs of an "allow" rule match, the header field is allowed to go through as is. If ACLs of a "deny" rule match, the header is removed and request_header_replace is then checked to identify if the removed header has a replacement. If no rules within the set have matching ACLs, the header field is left as is. For example, to achieve the same behavior as the old 'http_anonymizer standard' option, you should use: request_header_access From deny all request_header_access Referer deny all request_header_access Server deny all request_header_access User-Agent deny all request_header_access WWW-Authenticate deny all request_header_access Link deny all Or, to reproduce the old 'http_anonymizer paranoid' feature you should use: request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access All deny all although many of those are HTTP reply headers, and so should be controlled with the reply_header_access directive. By default, all headers are allowed (no anonymizing is performed). |
|
| Index | Alphabetical Index |