About two HTTP headers

From: Zhao <zdp@dont-contact.us>
Date: Thu, 11 Mar 2004 10:27:57 +0800

Hi,all,

        When I surf the Internet through squid, the squid can add two headers HTTP_X_FORWARDED_FOR and HTTP_VIA to forward clients' request. It can be proven by http://www.schroepl.net/cgi-bin/http_trace.pl. There is a problem to violate person/corporation's privacy, I think. One hacker can infer the net topology behind squid from these two headers.
        However, there is a squid.conf directive 'forwarded_for on/off' to process the former header, though it is default 'on' to enable it and 'off' for 'unknown' according the source code src/http.c.
        Is there a new squid.conf directive to enable/disable the HTTP_VIA header? By referencing the implementation of 'forwarded_for' directive, I modify the code squid-2.5STABLE5, and it works. So if there is a realy need, I will post the patch.
         
        Regards,

                    Zhao
Received on Wed Mar 10 2004 - 19:22:28 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:04 MST