header_access

header_access

This directive defines a set of access rules for filtering HTTP headers from both requests and responses. You can use it to remove headers that may violate your privacy, or that cause interoperation issues. For example, this configuration removes Cookie headers sent to a well-known web advertising company:

acl DC dstdomain .doubleclick.net

header_access Cookie deny DC

The header-name field must be one of the HTTP headers Squid knows about or one of the keywords Other or All. Squid currently knows the following HTTP headers:

Accept
 Accept-Charset
 Accept-Encoding
Accept-Language
 Accept-Ranges
 Age
Allow
 Authentication-Info
 Authorization
Cache-Control
 Connection
 Content-Base
Content-Encoding
 Content-Language
 Content-Length
Content-Location
 Content-MD5
 Content-Range
Content-Type
 Cookie
 Date
ETag
 Expires
 From
Host
 If-Match
 If-Modified-Since
If-None-Match
 If-Range
 Last-Modified
Link
 Location
 Max-Forwards
Mime-Version
 Negotiate
 Pragma
Proxy-Authenticate
 Proxy-Authentication-Info
 Proxy-Authorization
Proxy-Connection
 Public
 Range
Referer
 Request-Range
 Retry-After
Server
 Set-Cookie
 Title
Transfer-Encoding
 Upgrade
 User-Agent
Vary
 Via
 WWW-Authenticate
Warning
 X-Accelerator-Vary
 X-Cache
X-Cache-Lookup
 X-Forwarded-For
 X-Request-URI
X-Squid-Error
  

Unfortunately, you can't refer to an unknown header individually. The best you can do is use the keyword Other to refer to all unknown HTTP headers. The keyword All refers to all (known and unknown) HTTP headers.

Note that if you deny the Via header, Squid can't detect forwarding loops (see Section 10.2).

Removing headers from requests and responses is a violation of HTTP.


Syntax

header_access header-name allow|deny [!]ACLname ...

Default

No default

Example

header_access From deny All

Related

acl, header_replace



    Appendix A. Config File Reference