Re: [squid-users] problem blocking cookies

From: Hasanen AL-Bana <hasanen_at_gmail.com>
Date: Tue, 18 Jan 2011 16:56:29 +0300

True ,most secure sites set their cookies over HTTPS.

On Tue, Jan 18, 2011 at 4:52 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 19/01/11 01:44, Alexander Curvers wrote:
>>
>> thanks for your response Amos,
>>
>>
>> 2011/1/18 Amos Jeffries<squid3_at_treenet.co.nz>:
>>>
>>> On 18/01/11 21:04, Hasanen AL-Bana wrote:
>>>>
>>>> don't you have to define ACL first ?
>>>
>>> "all" shoudld be in the 2.7 config anyways.
>>>
>> not exactly sure what you mean by this
>
> A squid-2.7 which lacks the line "acl all src all" is broken and Squid won't
> start.
>
>>>>
>>>> On Tue, Jan 18, 2011 at 1:23 AM, Alexander Curvers<acurvers_at_gmail.com>
>>>>  wrote:
>>>>>
>>>>> Hi i am running Version 2.7.STABLE3 on Debian
>>>>>
>>>>> im trying to block cookies
>>>>>
>>>>> ive added these lines to my config (and reloaded)
>>>>>
>>>>> header_access Cookie deny all
>>>>> header_access Set-Cookie deny all
>>>>>
>>>>> but no effect... what am i missing?
>>>>>
>>>
>>> Check if the site is using Set-Cookie2 or Cookie2 headers. 2.7 does not
>>> support them.
>>>
>>> Otherwise the site is using some non-header way of setting the cookies.
>>> They
>>> can be set via HTML tags or any one of a dozen scripting languages or any
>>> number of browser plugins and downloadable code. All of which are outside
>>> Squid's control.
>>>
>>
>> i could check using firebug or another plugin to see the cookie
>> headers.. the site i tried was google and gmail and some random cookie
>> test sites
>> if its using Cookie2 headers i might block them using a regex filter
>> or something even in 2.7 ?
>
> Ah, gmail. If it's on their HTTPS pages Squid does not see any of the the
> actual transaction headers. Just a few on the CONNECT tunnel.
>
>
> If it is Cookie2 you will have to port a simple 6-line patch and rebuild
> your Squid
> http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10174.patch
>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.10
>  Beta testers wanted for 3.2.0.4
>
Received on Tue Jan 18 2011 - 13:56:59 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 18 2011 - 12:00:03 MST