RE: [squid-users] Debian Squeeze/Squid/ --enable-http-violations / header_replace User-Agent no effect

From: Jenny Lee <bodycare_5_at_live.com>
Date: Thu, 4 Aug 2011 11:39:04 +0000

> Date: Thu, 4 Aug 2011 10:45:57 +0200
> From: junk4_at_klunky.co.uk
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Debian Squeeze/Squid/ --enable-http-violations / header_replace User-Agent no effect
>
> Hi,
>
> I have recompiled squid3 on Debian Squeeze because the Debian repo' deb
> omits the --enable-ssl' '--enable-http-violations' options.
>
> For testing purposes I added this into the squid.conf:
> header_replace User-Agent Mozilla
>
> However, the user agent is not replaced when the client connects with a
> test apache server: (from the access.log)
> 62.123.123.123 - - [04/Aug/2011:10:10:41 +0200] "GET /favicon.ico
> HTTP/1.1" 404 256 "-" "Mozilla/5.0 (Android; Linux armv7l; rv:5.0)
> Gecko/20110615 Firefox/5.0 Fennec/5.0"
>
> I know that its coming in via the squid proxy because the IP address is
> that of the squid proxy, although obfuscated in example above.
>
> I read the squid-proxy.org details and the syntax looks correct, and
> squid did not choke on it.

header replacement takes places when an acl denies header_access.

header_access User-Agent deny all
header_replace User-Agent Mozilla

If it didn't work:
request_header_access User-Agent deny all
header_replace User-Agent Mozilla

"header_access" branched into: "request_header_access" and "reply_header_access"

I use 3.2 and the 2nd invocation works for me. Of course, Amos can give better details when this was changed or what you should use. But to save his time, you can try both options above.

You will also be facing problems if you are using proxy authentication usernames and upstream peers. In first case, it will sometimes works, sometimes not. In 2nd case, it will not work. You will need to upgrade to latest 3.2's for more stable results. Those didn't even work for me before 3.2.0.7, so I am assuming it will not be working with 3.1's unless the release is very recent.

Actually come to think of it, upstream peers does not work even in latest 3.2's. I think I had a temporary private solution from developers for this.

Jenny
Received on Thu Aug 04 2011 - 11:39:10 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 04 2011 - 12:00:01 MDT