Re: [squid-users] Squid, ICAP and logs

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Mon, 21 Jan 2008 10:35:38 -0700

On Thu, 2008-01-17 at 17:01 +0100, Bourdaraud Vincent (NSN - FR/St-Ouen)
wrote:

> I'm new to squid. It looks overall pretty good, but I found a show
> stopper for our project :(
>
> We use squid 3.0 STABLE1 compiled with --enable-icap-client and
> configured to delegate all HTTP requests to our ICAP server. We need
> squid to add some information processed by our ICAP server within its
> HTTP transaction logs (basically, this information is a user unique ID).
> This information is very sensitive and must not be forwarded to
> origin-servers.
>
> I've read FAQ, docs and played with squid and found no solution since
> squid is not able to ICAP header and not able to log HTTP headers before
> they are removed with header_access rules.
>
> Do you guys have some idea?

One hack you could try is to add "Connection: X-FOO" HTTP header in hope
that Squid will log and then remove it before forwarding. I have not
tried that and do not know whether hop-by-hop headers are removed late
enough for this ugly hack to work.

If logging and then removing HTTP headers is not possible, then I think
we should add a feature to log ICAP response headers. Can your server
return the needed information in the ICAP response header instead of the
HTTP message header?

Thank you,

Alex.
Received on Mon Jan 21 2008 - 10:35:59 MST
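
An added illustration of the "Connection: X-FOO" idea in the reply above, not part of the original message and not Squid code: a generic proxy hop applying the HTTP rule that headers named in Connection are hop-by-hop and are dropped before forwarding. The header value, host and function names are constructed; whether Squid logs before it strips is the open question the reply raises, modelled here by the log_first flag.

```python
# Standard hop-by-hop headers (RFC 2616 section 13.5.1); never forwarded by a proxy.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
}

def connection_tokens(headers):
    """Lower-cased header names listed in every Connection field."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "connection":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens

def strip_hop_by_hop(headers):
    """Drop the standard hop-by-hop headers plus any named in Connection."""
    drop = HOP_BY_HOP | connection_tokens(headers)
    return [(n, v) for n, v in headers if n.lower() not in drop]

def first_value(headers, field):
    """First value of a header, matched case-insensitively, or None."""
    for name, value in headers:
        if name.lower() == field.lower():
            return value
    return None

def handle(headers, log_field, log_first=True):
    """Model one proxy hop: return (value logged, headers sent upstream)."""
    if log_first:
        logged = first_value(headers, log_field)
        forwarded = strip_hop_by_hop(headers)
    else:
        forwarded = strip_hop_by_hop(headers)
        logged = first_value(forwarded, log_field)
    return logged, forwarded

# Constructed request as it might look after ICAP adaptation.
ADAPTED = [
    ("Host", "origin.example"),
    ("User-Agent", "demo/1.0"),
    ("X-FOO", "user-1234"),       # sensitive ID added by the ICAP server
    ("Connection", "X-FOO"),      # marks X-FOO as hop-by-hop
]

if __name__ == "__main__":
    for order in (True, False):
        logged, forwarded = handle(ADAPTED, "X-FOO", log_first=order)
        print("log_first=%s logged=%r forwarded=%r" % (order, logged, forwarded))
```

In both orders the ID never reaches the origin server; only the log-then-strip order records it, which is why the hack depends on when hop-by-hop removal happens.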
