Dansguardian Issues

Michael Torrie torriem at gmail.com
Sun Apr 4 11:14:16 MDT 2010


On 04/04/2010 12:17 AM, Richard Esplin wrote:
> On a PLUG thread from March 27, Jon Jensen suggested that I add these two lines to my squid.conf to make it harder for sites to recognize that I am using Squid (and thus less likely that they will break just because of Squid):
> 
> header_access X-Forwarded-For deny all
> header_access Via deny all

I did some sniffing and found that Squid was not sending either header
with the request already, but Tinyproxy actually did send the via
header.  Squid also used a keep-alive connection, whereas tinyproxy used
"closed."  Squid received data from the server that included
"Transfer-encoding: chunked" whereas tinyproxy did not.

And actually the packet sniff shows that the web page was in fact
downloaded by squid.  But somehow squid is not passing it on.  So it
looks to be a bug in Squid.


More information about the PLUG mailing list