Yes that is much easier, thank you. Rafael's line is the response header, I received the same. Here is the related cache log:

2016/06/27 13:52:49.194 kid1| 11,2| http.cc(2235) sendRequest: HTTP Server REQUEST:
GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/50.0.2661.102 Chrome/50.0.2661.102 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: tr,en-US;q=0.8,en;q=0.6
...
Host: www.flickr.com
Via: 1.1 ubuntuozgen (squid/3.5.19)
Surrogate-Capability: ubuntuozgen="Surrogate/1.0 ESI/1.0"
X-Forwarded-For: ::1
Cache-Control: max-age=0
Connection: keep-alive
..
2016/06/27 13:52:49.477 kid1| 11,2| http.cc(751) processReplyHeader: HTTP Server REPLY:
---------
HTTP/1.1 301 Moved Permanently
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Served-By: pprd1-node552-lh1.manhattan.bf1.yahoo.com
X-Instance: flickr.v1.production.manhattan.bf1.yahoo.com
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
X-Request-Id: 36e709a2
Location: https://www.flickr.com/
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 102
Server: ATS
Date: Mon, 27 Jun 2016 10:52:40 GMT
Age: 0
Via: http/1.1 fts111.flickr.bf1.yahoo.com (ApacheTrafficServer [cMs f ]), http/1.1 r11.ycpi.dea.yahoo.net (ApacheTrafficServer [cMs f ])
Connection: keep-alive
..

And this repeats on and on. As I understand, disabling the Via header is an acceptable solution. If I could disable the header only for problematic domains that would be better of course.

Thank you all.

On Mon, Jun 27, 2016 at 1:39 PM, Amos Jeffries <squ...@treenet.co.nz> wrote:

> On 27/06/2016 9:04 p.m., Ozgur Batur wrote:
> > Hello Amos,
> >
> > This is the Via header sent by my local proxy as part of the request.
> > *Via: 1.1 ubuntuozgen (squid/3.5.19)*
> >
> > It is not an FQDN but ubuntu concatenated with a Turkish name, so it is
> > highly unlikely that Yahoo has a reverse proxy with such a name. I could
> > not decrypt the squid <--> Flickr traffic yet; this is from pcap output
> > from another HTTP site, but I think it should be the same, right?
>
> Yes pcap (with full packet data) should contain the same needed details
> yes. cache.log with debug level 11,2 is the easier way to get the
> headers though since the crypto is removed by Squid.
>
> Amos
>

--
H Özgür Batur
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
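The pattern reported in this thread, the same request answered by the same 301 over and over, can be picked out of a cache.log written at debug level 11,2. The following is an added example, not part of the thread or of Squid: `parse_messages` and `find_redirect_loops` are hypothetical helper names, the sample lines are constructed with placeholder hostnames, and it assumes the multi-line dump layout and that each reply follows its own request in the log.

```python
import re
from collections import Counter

# Constructed sample: Squid cache.log header dumps at debug level 11,2.
# Hostnames are placeholders; the layout (marker line, dash line, headers,
# dash line) is assumed to match what Squid 3.5 writes.
_REQ = ("2016/06/27 13:52:49.194 kid1| 11,2| http.cc(2235) sendRequest: "
        "HTTP Server REQUEST:\n---------\nGET / HTTP/1.1\nHost: {host}\n"
        "Via: 1.1 proxyhost (squid/3.5.19)\n----------\n")
_REP = ("2016/06/27 13:52:49.477 kid1| 11,2| http.cc(751) processReplyHeader: "
        "HTTP Server REPLY:\n---------\n{status}\n{extra}Server: ATS\n----------\n")
_LOOP = (_REQ.format(host="www.example.com")
         + _REP.format(status="HTTP/1.1 301 Moved Permanently",
                       extra="Location: https://www.example.com/\n"))
_OK = (_REQ.format(host="static.example.com")
       + _REP.format(status="HTTP/1.1 200 OK", extra=""))
SAMPLE_LOG = _LOOP * 3 + _OK

MARKER = re.compile(r"HTTP Server (REQUEST|REPLY):")

def parse_messages(log_text):
    """Return [(kind, start_line, headers)] for each dumped header block."""
    messages, kind, lines = [], None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        marker = MARKER.search(line)
        if marker:
            kind, lines = marker.group(1), []
        elif kind and line and set(line) == {"-"}:
            if lines:  # second dash line closes the block
                hdrs = dict(h.split(": ", 1) for h in lines[1:] if ": " in h)
                messages.append((kind, lines[0], {k.lower(): v for k, v in hdrs.items()}))
                kind = None
        elif kind and line:
            lines.append(line)
    return messages

def find_redirect_loops(log_text, threshold=3):
    """Count identical (host, path, Location) redirects; report repeats."""
    seen, pending = Counter(), None
    for kind, start, headers in parse_messages(log_text):
        if kind == "REQUEST":
            pending = (headers.get("host", "?"), start.split()[1])
        elif pending:  # pairs a reply with the request logged just before it
            if start.split()[1].startswith("3") and "location" in headers:
                seen[pending + (headers["location"],)] += 1
            pending = None
    return {key: n for key, n in seen.items() if n >= threshold}
```

On a busy proxy the request/reply pairing needs a connection or transaction identifier, since dumps from concurrent transactions interleave.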