Re: user_auth header striping whith squid? from Lothar Gramelspacher on 1999-07-02 (squid-users)

From: Lothar Gramelspacher <lothar@dont-contact.us>
Date: Fri, 02 Jul 1999 10:15:28 +0200

Hi Henrik,
Hi squid-users,

I`ll try again:

We are looking for a way to remove the proxy_auth passwords from the
http header of any outgoing http packet. We need this to avoid leeking
passwords out to the internet, because under certain circumstances a
firewall does not remove the proxy_autch and sends this information to
the destination server. This is a bug in the firewallsoftware and we are
looking for a workaround to filter these fields out of the header.

In other words, we just need a software, which ist able to make sure,
that there are no http proxy_auth information is left in the http header
field.

I played around with the following acls together with a small perl
srcipt as an authentication porgramm, which just sends OK as an reply,
but it does not work in the way I expected:

acl strip proxy_auth user REQUIRED
http_access allow !strip
http_access allow strip

The idea was, to make squid using proxy_auth, if there is any proxy_auth
in the header and not doing it, if there is no proxy_auth information in
the header, but squid requsts an proxy_authentication, if none is send.

Maybe, we have to patch squid, to get this functionality....

Has anybody some ideas

Lothar

Henrik Nordstrom wrote:
>
> Sorry, I do not understand the question.
>
> Please rephrase it, and provide some examples.
>
> --
> Henrik Nordstrom
> Spare time Squid hacker
>
> Lothar Gramelspacher wrote:
> >
> > Hi,
> >
> > I am looking for a way to use squid to strip all user_auth headers.
> >
> > I don`t need user_auth, I just want him to remove the user_auth
> > information. The real user_auth is made by an other system.
> >
> > Is there a way to use squid for this purpose? If it is only possible by
> > modifying the source it would be nice if you have some hints for mee
> > too.
> >
> > Thanks
> >
> > Lothar
> >

-- 
----------------------------------------------------------------------
Lothar Gramelspacher                    E-mail: lothar@netstuff.ch
Netstuff AG                             Web   : http://www.netstuff.ch
Raeffelstrasse 29                       Voice : +41 1 457 64 64
CH-8045 Zurich                          Fax   : +41 1 457 64 65
----------------------------------------------------------------------

Received on Fri Jul 02 1999 - 02:13:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:16 MST