[squid-users] Squid mitigation of advanced persistent tracking

From: John Hardin <jhardin_at_impsec.org>
Date: Tue, 2 Aug 2011 13:39:51 -0700 (PDT)


The analysis of the APT techniques used by Kissmetrics (at
http://www.wired.com/epicenter/2011/07/undeletable-cookie/) is interesting
if thin, and suggests one way that Squid might be leveraged to interfere
with such tracking: deleting the "Etag:" header from request replies.

I know having the proxy fiddle with HTTP reply headers is against the HTTP
protocol, and that the reply_header_access option only allows fine-grain
manipulation of registered HTTP headers, and that this is fraught with the
potential for devolving into a game of whack-a-mole, but it seems to me
that this should at least be explored, and may be an argument for opening
the reply_header_access option up to fine-grain manipulation of any
arbitrary HTTP header.

I do know that right now I would sure like to be able to do:

    reply_header_access Etag deny all

without hacking the Squid sources to add the "Etag" header...


  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin_at_impsec.org    FALaholic #11174     pgpk -a jhardin_at_impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
   If guns kill people, then...
     -- pencils miss spel words.
     -- cars make people drive drunk.
     -- spoons make people fat.
  3 days until the 276th anniversary of John Peter Zenger's acquittal
Received on Tue Aug 02 2011 - 20:39:57 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 03 2011 - 12:00:02 MDT