Adding an HTTP request header with Squid

Solution 1

You can do this with the new Squid 3.3, which supports the "request_header_add" command. I used CentOS to do it.

My Squid.conf is:

acl CONNECT method CONNECT
visible_hostname MySERVER.local
acl local src 192.168.0.0/24
http_access allow local
ssl_bump client-first all
always_direct allow all
http_port 3128 ssl_bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem
request_header_add X-GoogApps-Allowed-Domains "mycompany.com" all
cache_dir ufs /usr/local/squid/var/cache 8192 32 256

For the SSL certificate, you need to generate it with OpenSSL:

openssl req -new -newkey rsa:1024 -days 36500 -nodes -x509 -keyout /usr/local/squid/etc/cert.pem -out /usr/local/squid/etc/cert.pem 

So that users don't see errors in their browsers, install this as a trusted root on each computer or add it to your Active Directory (Google may help with this).

openssl x509 -in /usr/local/squid/etc/cert.pem -outform DER -out /usr/local/squid/etc/cert.der

Solution 2

As per the Squid FAQ:

Squid.conf ACLs

Header modification via Squid ACLs is limited to deleting a header or replacing a matching header with a constant string.

In other words, you won't be able to add arbitrary request headers simply by using Squid ACLs. The Squid ACLs limit you to deleting existing headers or replacing existing headers, but don't allow addition of new headers. The only way to add new headers is by making use of an ICAP server together with Squid. For more information, see the ICAP section in the Squid FAQ.

Solution 3

Using Squid, you will:

  1. Set up dynamic SSL certificate generation. Install the root certificate in the web clients' browsers.
  2. Set up SSL Bump to intercept proxied SSL/TLS traffic.
  3. Use ACLs to insert your desired header(s).
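
The three steps above can be checked against a squid.conf before deployment. The following is an added example, not part of any answer on this page or of Squid itself: a small Python audit that confirms the header rule exists, that HTTPS is actually decrypted so the header can be inserted, and which destinations receive the header. The function names and the findings wording are assumptions made for illustration; the sample input is constructed from Solution 1's configuration.

```python
import shlex

HEADER = "x-googapps-allowed-domains"
BUMP_FLAGS = {"ssl-bump", "ssl_bump"}   # ssl_bump is the spelling used in Solution 1
DECRYPTING = {"client-first", "server-first", "bump"}  # ssl_bump actions that decrypt

# Constructed sample: Solution 1's configuration, trimmed to the relevant lines.
SAMPLE = """
acl local src 192.168.0.0/24
http_access allow local
ssl_bump client-first all
http_port 3128 ssl_bump generate-host-certificates=on cert=/usr/local/squid/etc/cert.pem
request_header_add X-GoogApps-Allowed-Domains "mycompany.com" all
"""

def parse(conf):
    """Split squid.conf text into (directive, args) pairs, dropping comments."""
    pairs = []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            pairs.append((tokens[0], tokens[1:]))
    return pairs

def audit(conf):
    """Return (header_rules, findings); header_rules is [(value, [acl, ...])]."""
    pairs = parse(conf)
    header_rules = [(a[1], a[2:]) for d, a in pairs
                    if d == "request_header_add" and len(a) >= 2
                    and a[0].lower() == HEADER]
    bump_ports = [a for d, a in pairs
                  if d in ("http_port", "https_port") and BUMP_FLAGS & set(a)]
    decrypts = any(d == "ssl_bump" and a and a[0] in DECRYPTING for d, a in pairs)
    findings = []
    if not header_rules:
        findings.append("no request_header_add rule for the header")
    if not (bump_ports and decrypts):
        findings.append("HTTPS is not decrypted, so the header cannot be added to it")
    for port in bump_ports:
        if not any(opt.startswith("cert=") for opt in port):
            findings.append(f"bumping port {port[0]} has no cert= signing certificate")
    for value, acls in header_rules:
        if set(acls) <= {"all"}:
            findings.append(f"'{value}' is sent to every destination, not only Google")
    return header_rules, findings

if __name__ == "__main__":
    rules, notes = audit(SAMPLE)
    print(rules, *notes, sep="\n")
```

On the sample, the only finding is that the `all` ACL attaches the header, and so the company domain, to requests for every site passing through the proxy.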
Author: boblin

Updated on September 18, 2022

Comments

  • boblin
    boblin over 1 year

    I want to permit my users to login to Google apps only for my domain. I found a solution by adding the HTTP header X-GoogApps-Allowed-Domains as described in this Google help page.

    I use Squid, but can't figure out how to configure Squid to do this. How can I add this request header using Squid?

  • chutz
    chutz about 7 years
    Well, this answer is no longer true.