Squid configuration directive request_header_access
Available in: v7 v6 v5 v4 3.5 3.4 3.3 3.2 3.1 3.0
For older versions than v4 see the linked pages above
Configuration Details:
Option Name: | request_header_access |
---|---|
Replaces: | |
Requires: | --enable-http-violations |
Default Value: | No limits. |
Suggested Config: |
|
Usage: request_header_access header_name allow|deny [!]aclname ... WARNING: Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes. This option replaces the old 'anonymize_headers' and the older 'http_anonymizer' option with something that is much more configurable. A list of ACLs for each header name allows removal of specific header fields under specific conditions. This option only applies to outgoing HTTP request headers (i.e., headers sent by Squid to the next HTTP hop such as a cache peer or an origin server). The option has no effect during cache hit detection. The equivalent adaptation vectoring point in ICAP terminology is post-cache REQMOD. The option is applied to individual outgoing request header fields. For each request header field F, Squid uses the first qualifying sets of request_header_access rules: 1. Rules with header_name equal to F's name. 2. Rules with header_name 'Other', provided F's name is not on the hard-coded list of commonly used HTTP header names. 3. Rules with header_name 'All'. Within that qualifying rule set, rule ACLs are checked as usual. If ACLs of an "allow" rule match, the header field is allowed to go through as is. If ACLs of a "deny" rule match, the header is removed and request_header_replace is then checked to identify if the removed header has a replacement. If no rules within the set have matching ACLs, the header field is left as is. For example, to achieve the same behavior as the old 'http_anonymizer standard' option, you should use: request_header_access From deny all request_header_access Referer deny all request_header_access User-Agent deny all Or, to reproduce the old 'http_anonymizer paranoid' feature you should use: request_header_access Authorization allow all request_header_access Proxy-Authorization allow all request_header_access Cache-Control allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Connection allow all request_header_access All deny all HTTP reply headers are controlled with the reply_header_access directive. By default, all headers are allowed (no anonymizing is performed). |
|
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Quick Setup
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
Miscellaneous
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork
Web Site Translations
Mirrors
- Website:
- ... full list
- FTP Package Archive