Squid request_header_add with https


Solution 1

I ended up doing the following in my squid.conf:

    http_port 3128 accel defaultsite=my.httpsServer.com protocol=HTTPS vport=8443 allow-direct no-vhost
    request_header_add X-Custom-Header "customheadervalue" all

It seems to be working fine. All my requests to the proxy (made over http) are rewritten in https with the custom header parameter. This seems to be exactly what I needed.

Solution 2

In most scenarios with SSL, Squid isn't forwarding the request on your behalf, which is what allows Squid to modify the traffic and insert additional headers on plain HTTP requests. With HTTPS/SSL/TLS Squid allows your browser to CONNECT directly to the HTTPS host.

Squid only forwards the encrypted traffic between your browser and the remote server, which, because it is encrypted, duh, can't be modified by Squid. No headers can be inserted because the HTTP headers are within the encrypted data stream.

The subtlety is the difference between forwarding a request, which implies the understanding of the HTTP protocol and forwarding encrypted packets where the HTTP protocol is encrypted and hidden in the TCP/IP stream.
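
The difference Solution 2 describes, as an added example that is not part of the original answers and is not Squid code: a toy model of a forward proxy handling a plain HTTP request versus a CONNECT tunnel. The names `relay` and `HEADER` and all sample bytes are constructed for illustration.

```python
# Added illustration, not Squid code. Names and sample bytes are constructed.
HEADER = b"X-Custom-Header: customheadervalue"


def relay(messages):
    """Model a forward proxy handling one client connection.

    Returns a list of (action, bytes_sent_upstream), one per client message.
    """
    tunnelled = False
    out = []
    for msg in messages:
        if tunnelled:
            # Inside a CONNECT tunnel the proxy copies bytes blindly. The real
            # HTTP request is inside the TLS records, so there is no header
            # block the proxy could parse or extend.
            out.append(("relay-unmodified", msg))
            continue
        lines = msg.split(b"\r\n")
        method = lines[0].split(b" ", 1)[0]
        if method == b"CONNECT":
            # Only "CONNECT host:port" is visible. The proxy answers the
            # client itself and sends nothing of this message upstream.
            tunnelled = True
            out.append(("open-tunnel", b""))
        else:
            # Plain HTTP: the proxy parses the request, so it can insert a
            # header line directly after the request line.
            lines.insert(1, HEADER)
            out.append(("forward-with-header", b"\r\n".join(lines)))
    return out


# Constructed sample traffic.
PLAIN_HTTP = [b"GET http://example.test/ HTTP/1.1\r\nHost: example.test\r\n\r\n"]
HTTPS_VIA_CONNECT = [
    b"CONNECT example.test:443 HTTP/1.1\r\nHost: example.test:443\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",  # stand-in for a TLS handshake record
    b"\x17\x03\x03\x00\x04\xde\xad\xbe\xef",  # stand-in for encrypted app data
]

if __name__ == "__main__":
    for name, session in (("http", PLAIN_HTTP), ("https", HTTPS_VIA_CONNECT)):
        for action, upstream in relay(session):
            print(name, action, upstream)
```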

Author by user313551

Updated on September 18, 2022

Comments

  • user313551
    user313551 over 1 year

    I'm trying to configure my squid proxy to add a header to all my requests. There is nothing fancy about the configuration. I have the following:

    request_header_add X-Custom-Header "customheadervalue" all
    

    This works for http requests but it will not add any headers for https requests. Is there any configuration I should be doing to make this work? Shouldn't squid be able to add this header to the request before the https is made?

    Additionally I noticed that x-forwarded-for is also omitted over https but not on http. I feel like I'm missing something obvious here.

  • user313551
    user313551 almost 10 years
    That makes sense. So instead could I do the following then? Client request (HTTP) -> Squid proxy (Adds header, forwards request to HTTPS) -> Server (HTTPS)
  • Zoredache
    Zoredache almost 10 years
    @user313551, if you really think you need this you have to set up squid to perform a MITM for the https session. It is not trivial to set up because you must build your own CA, and inject the root cert into all browsers behind the proxy. See: serverfault.com/search?q=squid+https+bump