Re: Re: [squid-users] User Agent Setting Not Being Used
On Saturday, June 15, 2013 09:38:56 PM Amos Jeffries wrote: Because that is just a documentation example detailing which headers the old obsolete feature http_anonymizer paranoid would remove and how to setup the current header removal feature to behave the same. Since that old feature existed things have moved on, both in Squid configuration abilites, HTTP protocol specifications, and Squid support for those specifications. And thanks for not updating the config file. And double-thanks for not giving a hint here how to set up for the new system. After many inquiries here I find that information here is a jealously-guarded secret. I don't know what you guys have against one another, but it is crippling Squid.
Re: Re: [squid-users] User Agent Setting Not Being Used
On Sunday, June 16, 2013 03:38:40 AM Amos Jeffries wrote: On 16/06/2013 3:34 a.m., CACook wrote: On Saturday, June 15, 2013 09:38:56 PM Amos Jeffries wrote: Because that is just a documentation example detailing which headers the old obsolete feature http_anonymizer paranoid would remove and how to setup the current header removal feature to behave the same. Since that old feature existed things have moved on, both in Squid configuration abilites, HTTP protocol specifications, and Squid support for those specifications. And thanks for not updating the config file. And double-thanks for not giving a hint here how to set up for the new system. The problem is simply that _nobody_ with any interest in anonymous proxies has submitted any updates to that section in many years. I did go through recently and split the request/reply header lists properly to remove invalid details from the description, but I have no interest in anonymous proxies myself so going through the difficulty of researching all the headers involved with privacy and anonymization and what all their effects are is not something I'm interested in spending time on. As someone in the group benefiting from the feature do you yourself have any contributions towards the documentation? Textual suggestions are welcome, patches against src/cf.data.pre even more so. NOTE: If left to me (it *is* on my todo list somewhere ahead to document my experiences in the area), I would do something along the lines of a wiki page (http://wiki.squid-cache.org/Features/ClientPrivacy) and removing the examples from the config file entirely. I have strong opinions about the difference between anonymity and privacy and how important that difference is. So what you ended up with as documentation might shock or not meet your needs. After many inquiries here I find that information here is a jealously-guarded secret. I don't know what you guys have against one another, but it is crippling Squid. As one of the people who spends all day answering questions without remuneration of any kind I find this quite saddening that you have that opinion. What knowledge exists has been at your disposal. I've even been druging through the code to find out what might be causing the strange symptoms you describe, but found nothing yet... The parser for both request_header_access and request_header_replace begin by parsing the header name then looking up the *same* list of objects to see if a mangler for that header already exists - creating one if missing, then add the current lines details to the result for controlling what happens to the header. Both paths seem to result in an entry with a mangler existing regardless of the location and relative positions of either of the request_header_* lines which you have reporting as not working outside of a specific alignment. The *one* limitation on these manglers is that if there is no request_header_access list for the same header the replacement does not get run. Which if you recall was the meat in my first response. On the topic of anonymity and help with anonymous proxy configuration; Sadly it *is* the one topic you are most likely never to get people openly posting lots of details about. The ones who know most are unlikely to want their details permanently distributed on this list archive. Unlike proper privacy when a trick or protection of anonymity is outed it drops in usefulness as them learn about it and devise (). Everybodies opinions of what headers should be added/removed or replaced (and with what) is different. Removing and altering other services headers is itself a violation of the HTTP specifications by the proxy. So everybody who actually *uses* these directives is pretty much abusing HTTP. We the Project don't offer an official opinion or recommendation about should or should not for most headers - as demonstrated by that config file text being a simple notice of the old features deprecation and a list of what the old feature did in terms of the new one, not an endorsement or guarantee of any header in it. In short you are left to devise the method for your own anonymity - we can but help if some specific goes wrong. Amos I didn't know that you had spent any but a brief consideration of the anonymized headers. Thanks for your effort. It is surprising that so little information is known in this area. This is the reason for my discouragement. I am a real estate developer not a coder, so am only in a position to ask for guidance and follow instructions. I'll give up on this effort for now.
Re: Re: Re: [squid-users] Best OS
On Saturday, June 15, 2013 12:01:37 PM you wrote: On Saturday, June 15, 2013 07:37:48 PM Antony Stone wrote: On Saturday 15 June 2013 at 18:57, Bilal J.Mahdi wrote: Dear all Which OS is better for squid. Debian 7 or UBUNTU 10.04 ?? I'm not going to comment on the choice between Debian and Ubuntu (although I do look forward to others' comments on this), however if you're considering Ubuntu, you should at least plan to use 12.04, which is the most recent LTS (Long Term Support) edition. I ran Debian exclusively for 15 years, but all the applications just got too old, even if you're up-to-date. I ran Testing. Switched to Manjaro about six months ago and am very happy. It's Arch based and lightweight, especially with the XFCE desktop. I wouldn't have Ubuntu of any flavor after this: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
Re: Re: Re: [squid-users] User Agent Setting Not Being Used
On Wednesday, June 12, 2013 09:16:09 AM cac...@quantum-sci.com wrote: On Tuesday, June 11, 2013 02:50:32 PM Amos Jeffries wrote: On 11/06/2013 5:22 a.m., cac...@quantum-sci.com wrote: For some reason Squid is passing along my real UserAgent: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 ... rather than the one I'm telling it to pass along: request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) Anyone know why? You replacing headers requires request_header_access to remove the existing one first. Thanks, but it doesn't work. After this and a restart: request_header_access User-Agent deny all request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) ... still the true user agent. So no one can help with either of my problems. Not the unable to stay logged in, nor this one. Disappointing.
Re: Re: Re: Re: [squid-users] User Agent Setting Not Being Used
On Friday, June 14, 2013 06:42:41 AM you wrote: The following configuration works for me: == ... ... request_header_access All deny all request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) request_header_access User-Agent deny all request_header_access Accept allow all ... ... request_header_access All deny all == OK I don't fully understand your approach, but I started the request_header_access section like this and it works: request_header_access Allow allow all request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) request_header_access User-Agent deny all ... Putting request_header_replace User-Agent no longer works where it is in the Squid3 config file. It has to be put further up with the request_header_access directives. I don't understand though, why the config file says the old http_anonymizer paranoid would start with: request_header_access Allow allow all ?
Re: Re: Re: [squid-users] User Agent Setting Not Being Used
On Wednesday, June 12, 2013 09:16:09 AM cac...@quantum-sci.com wrote: On Tuesday, June 11, 2013 02:50:32 PM Amos Jeffries wrote: On 11/06/2013 5:22 a.m., cac...@quantum-sci.com wrote: For some reason Squid is passing along my real UserAgent: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 ... rather than the one I'm telling it to pass along: request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) Anyone know why? You replacing headers requires request_header_access to remove the existing one first. Thanks, but it doesn't work. After this and a restart: request_header_access User-Agent deny all request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) ... still the true user agent. Is anyone able to actually set user agent?
Re: Re: [squid-users] User Agent Setting Not Being Used
On Tuesday, June 11, 2013 02:50:32 PM Amos Jeffries wrote: On 11/06/2013 5:22 a.m., cac...@quantum-sci.com wrote: For some reason Squid is passing along my real UserAgent: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 ... rather than the one I'm telling it to pass along: request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) Anyone know why? You replacing headers requires request_header_access to remove the existing one first. Thanks, but it doesn't work. After this and a restart: request_header_access User-Agent deny all request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) ... still the true user agent.
[squid-users] User Agent Setting Not Being Used
For some reason Squid is passing along my real UserAgent: User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 ... rather than the one I'm telling it to pass along: request_header_replace User-Agent Mozilla/5.0 (compatible; Goog1ebot/2.1; +http://www.google.com/bot.html) Anyone know why?
Re: Re: [squid-users] Can't stay logged in
On Friday, May 31, 2013 07:51:08 AM cac...@quantum-sci.com wrote: On Wednesday, May 29, 2013 04:20:21 PM cac...@quantum-sci.com wrote: Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2394278 So with no filtering or errors in the log, it is a mystery why I can not stay logged in to the CCTV forum.
Re: Re: [squid-users] Can't stay logged in
On Thursday, June 06, 2013 09:38:41 PM Amos Jeffries wrote: On 6/06/2013 5:06 a.m., cac...@quantum-sci.com wrote: On Friday, May 31, 2013 07:51:08 AM cac...@quantum-sci.com wrote: On Wednesday, May 29, 2013 04:20:21 PM cac...@quantum-sci.com wrote: Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2385890 No one knows? Is there anyplace documented where I could learn which header items could be causing the problem? They key ones are all in here: http://www.ietf.org/rfc/rfc2616.txt notice the rules pertaining to proxies and gateways - which headers are mandatory for relay, insert or update. Amos I guess I give up. I have no errors in the logs when the failure occurs, so I just can't divine the problem.
Re: Re: [squid-users] Can't stay logged in
On Friday, May 31, 2013 07:51:08 AM cac...@quantum-sci.com wrote: On Wednesday, May 29, 2013 04:20:21 PM cac...@quantum-sci.com wrote: Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2385890 No one knows? Is there anyplace documented where I could learn which header items could be causing the problem?
Re: [squid-users] Can't stay logged in
On Wednesday, May 29, 2013 04:20:21 PM cac...@quantum-sci.com wrote: Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2385890 No one knows?
Re: Re: [squid-users] Can't stay logged in
On Friday, May 31, 2013 07:51:08 AM cac...@quantum-sci.com wrote: On Wednesday, May 29, 2013 04:20:21 PM cac...@quantum-sci.com wrote: Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2385890 No one knows? Wow. I can't believe that either no one else has this problem, or no one will help with this.
[squid-users] Can't stay logged in
Does anyone know why I can't stay logged in to this site, with headers paranoid? http://www.cctvforum.com/ squid.conf: http://pastebin.ca/2384770 Here's what happens when I give my username and password on the site and try to log in: http://pastebin.ca/2384773
Re: [squid-users] Content Encoding Error
On Thursday, May 09, 2013 09:18:53 PM Amos Jeffries wrote: On 10/05/2013 2:24 a.m., cac...@quantum-sci.com wrote: OK I guess I have to ditch Squid. I can't live with this. Well, if you cant or dont want to supply the information needed to help there is very little help possible. LOL, it appears you feel I am being uncooperative. What does your squid.conf contain? http://pastebin.com/ke5WQkdj This is the squid.conf documentation with some lines uncommented. Notably the _incomplete example_ of how to do anonymous proxy configuration for HTTP/1.0 traffic. Few of the HTTP/1.1 headers are handled there. The error you report is usually seen when Accept*, Content-Encoding or Tansfer-Encoding are screwed with. The logs you wont supply would have shown which was the problem. 'The logs I -won't- supply'? You mean the logs I -can't- supply because Squid hasn't made logs for me for months. The squid.conf documentation? That is exactly what comes with Debian's squid package. What do you mean documentation? Where is the secret place that you are getting the real .conf file? _incomplete example_ ? Where is the secret place that you get the full header anonymization?
Re: [squid-users] Content Encoding Error
On Friday, May 10, 2013 06:17:10 AM Amos Jeffries wrote: If you like we'd probably get that sorted. I'm thinking its a permissions issue in the logs directory, overflowing logs due to log rotation errors (ALL,3 can output a lot of data and get into a bit of trouble getting past 2 or 4 GB). OK I've always gone to /var/log/squid, which is empty, but I see there is now a squid3. Logs are there, although don't seem to be getting rotated. With the squid3 packages you will find it in /etc/squid3/squid.conf. With the file you posted at squid.conf.documented. if you are building your own and installign over an existing Squid, you will find the new default config in squid.conf.default next to your squid.conf and an updated documentation file at squid.conf.documented. Actually that is the squid.conf you get in /etc/squid3 when installing squid3 in Debian. That extensively-commented .conf is what we've always gotten there in Debian. There isn't one published that I'm aware of. Its just that nobody has updated that one in most of a decade to allow the more recently created required headers through. Like you are probably encountering errors due to Transfer-Encoding and TE being missing. So the problem is new headers. I added request_header_access Transfer-Encoding allow all reply_header_access Transfer-Encoding allow all ... and it fixed it, thanks. It is worrying though that this is not being kept up, and anonymized headers is not documented. That we have more of this to look forward to. Why are ppl afraid to post what they have? It's not like we're going to hack in to their squid server via anonymous headers.
Re: [squid-users] Content Encoding Error
Ah yes, the logrotate path was wrong. Fixed it now. On Friday, May 10, 2013 07:06:00 AM Helmut Hullen wrote: What tells squid -v about sysconfdir (where squid.conf is found) and about with- logdir? --sysconfdir=/etc/squid3 --with-logdir=/var/log/squid3 What tells grep log sysconfdir/squid.conf about the logging directives? The only line uncommented: logfile_rotate 2 Hm, it appears that squid has built-in log rotate? Wouldn't the system logrotate interfere?
Re: [squid-users] FTP
Wow, even FTP works again. Can anyone recommend a secure FTP addon for Firefox? Rather than just having an HTML FTP listing I'd like it to automatically be an FTP client with drag and drop, bulk copy/move, etc.
Re: [squid-users] Content Encoding Error
OK I guess I have to ditch Squid. I can't live with this. On Tuesday, May 07, 2013 09:47:29 PM cac...@quantum-sci.com wrote: On Tuesday, May 07, 2013 07:04:54 PM Amos Jeffries wrote: What Squid version were you upgrading from? I didn't notice what version it was before. What user-agent / browser software are you using? Tor Browser, which is Firefox long-term release. I switch between Squid and Tor with the addon Proxy Switcher. What does your squid.conf contain? http://pastebin.com/ke5WQkdj Also, if you can find the header to/from the client when these requests are happening it woudl be a big help in diagnosing. debug_options 11,2 will give you this in Squid-3.3 but will produce a LOT of output on a busy proxy. I remember Squid logs. But that was a long time ago. They stopped working for some reason. Just like I remember Squid being able to do FTP, but that was even longer ago.
[squid-users] Content Encoding Error
Squid 3.3.3-2 on Debian Testing. Suddenly today after a dist-upgrade yesterday, I am getting a plague of: Content Encoding Error The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression. This is intolerable. Does anyone know the cause?
Re: [squid-users] Content Encoding Error
On Tuesday, May 07, 2013 07:04:54 PM Amos Jeffries wrote: What Squid version were you upgrading from? I didn't notice what version it was before. What user-agent / browser software are you using? Tor Browser, which is Firefox long-term release. I switch between Squid and Tor with the addon Proxy Switcher. What does your squid.conf contain? http://pastebin.com/ke5WQkdj Also, if you can find the header to/from the client when these requests are happening it woudl be a big help in diagnosing. debug_options 11,2 will give you this in Squid-3.3 but will produce a LOT of output on a busy proxy. I remember Squid logs. But that was a long time ago. They stopped working for some reason. Just like I remember Squid being able to do FTP, but that was even longer ago.
