On Sunday, June 16, 2013 03:38:40 AM Amos Jeffries wrote:
> On 16/06/2013 3:34 a.m., CACook wrote:
> > On Saturday, June 15, 2013 09:38:56 PM Amos Jeffries wrote:
> >
> >> Because that is just a documentation example detailing which headers the
> >> old obsolete feature "http_anonymizer paranoid" would remove and how to
> >> setup the current header removal feature to behave the same. Since that
> >> old feature existed things have moved on, both in Squid configuration
> >> abilites, HTTP protocol specifications, and Squid support for those
> >> specifications.
> > And thanks for not updating the config file.
> > And double-thanks for not giving a hint here how to set up for the new system.
>
> The problem is simply that _nobody_ with any interest in anonymous
> proxies has submitted any updates to that section in many years. I did
> go through recently and split the request/reply header lists properly to
> remove invalid details from the description, but I have no interest in
> anonymous proxies myself so going through the difficulty of researching
> all the headers involved with privacy and anonymization and what all
> their effects are is not something I'm interested in spending time on.
>
> As someone in the group benefiting from the feature do you yourself have
> any contributions towards the documentation?
> Textual suggestions are welcome, patches against src/cf.data.pre even
> more so.
>
> NOTE: If left to me (it *is* on my todo list somewhere ahead to document
> my experiences in the area), I would do something along the lines of a
> wiki page (http://wiki.squid-cache.org/Features/ClientPrivacy) and
> removing the examples from the config file entirely. I have strong
> opinions about the difference between anonymity and privacy and how
> important that difference is. So what you ended up with as documentation
> might shock or not meet your needs.
>
> > After many inquiries here I find that information here is a jealously-guarded secret. I don't know what you guys have against one another, but it is crippling Squid.
>
> As one of the people who spends all day answering questions without
> remuneration of any kind I find this quite saddening that you have that
> opinion. What knowledge exists has been at your disposal. I've even been
> druging through the code to find out what might be causing the strange
> symptoms you describe, but found nothing yet...
> The parser for both request_header_access and request_header_replace
> begin by parsing the header name then looking up the *same* list of
> objects to see if a mangler for that header already exists - creating
> one if missing, then add the current lines details to the result for
> controlling what happens to the header. Both paths seem to result in an
> entry with a mangler existing regardless of the location and relative
> positions of either of the request_header_* lines which you have
> reporting as "not working" outside of a specific alignment.
> The *one* limitation on these manglers is that if there is no
> request_header_access list for the same header the replacement does not
> get run. Which if you recall was the meat in my first response.
>
>
> On the topic of anonymity and help with anonymous proxy configuration;
> Sadly it *is* the one topic you are most likely never to get people
> openly posting lots of details about. The ones who know most are
> unlikely to want their details permanently distributed on this list
> archive. Unlike proper privacy when a "trick" or protection of anonymity
> is outed it drops in usefulness as "them" learn about it and devise ().
> Everybodies opinions of what headers should be added/removed or
> replaced (and with what) is different. Removing and altering other
> services headers is itself a violation of the HTTP specifications by the
> proxy. So everybody who actually *uses* these directives is pretty much
> abusing HTTP. "We the Project" don't offer an official opinion or
> recommendation about should or should not for most headers - as
> demonstrated by that config file text being a simple notice of the old
> features deprecation and a list of what the old feature did in terms of
> the new one, not an endorsement or guarantee of any header in it.
> In short you are left to devise the method for your own anonymity - we
> can but help if some specific goes wrong.
>
> Amos
I didn't know that you had spent any but a brief consideration of the anonymized headers. Thanks for your effort.
It is surprising that so little information is known in this area. This is the reason for my discouragement. I am a real estate developer not a coder, so am only in a position to ask for guidance and follow instructions. I'll give up on this effort for now.
Received on Sat Jun 15 2013 - 17:01:38 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 15 2013 - 12:00:08 MDT