[squid-users] HTTP_VIA

From: Florin Andrei <[email protected]>
Date: 24 Oct 2002 12:36:08 -0700

Yeah, i am aware of the security implications of it, i only asked for
any (good or bad) experiences with disabling it. From some answers i
received on my private address, it looks like it shouldn't break (too
many) things.

Next question: is HTTP_VIA mandatory? What happens if i disable it? I
mean, will it break any websites?

On Wed, 2002-10-23 at 10:29, Jeremy Junginger wrote:
> It definitely adds some traceability to websites that are logging this
> field. Purely from a security perspective, I would say if you do not
> need it for user-level tracking, it may be a good idea to disable it.
> If you are using private addressing on your network, it could disclose
> some information about your internal network topology that you may not
> want to be public. Just a thought. Take it with a grain of salt.
>
> -jeremy
>
> -----Original Message-----
> From: Florin Andrei [mailto:florin@sgi.com]
> Sent: Wednesday, October 23, 2002 10:22 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] X_FORWARDED_FOR
>
>
> How useful really is X_FORWARDED_FOR ?
> Did anyone experienced bad things (like, websites that do not work
> anymore) after disabling X_FORWARDED_FOR ?
>
> --
> Florin Andrei
>
> I hope you're not that kind of person, who at the same time praises the
> BSD license, but bitches at monopolies.
>

-- 
Florin Andrei
I hope you're not that kind of person, who at the same time
praises the BSD license, but bitches at monopolies.
Received on Thu Oct 24 2002 - 13:36:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:54 MST