HTTP Proxy

GoodYear

Junior Member
Okay, I now have a big problem with your http proxy (5080 port). I can't browse any https pages. I simply get server not found whenever I try to open https page. It started today. There are a couple of servers left that I can use: Canada, Japan. I tried half of your servers and most of them have this issue. Any alternative ports I can use with your Tunnel Manager? Please don't tell me I have wrong configurations. Everything was fine last night.
 

PP Frank

Staff member
I checked this and you mean the Squid over SSH and not the Squid direct and you are right. We will fix this so fast as we can.
 

owa

Junior Member
I have to confirm, SQUID is severely broken atm. Mainproblem seems to be fetching https sites
 

GoodYear

Junior Member
Yes, all works as it should now. Even Hong Kong. Thank you. Next time when I say something doesn't work, don't just disregard it. It all started with Hong Kong server.
 

PP Lars

Staff member
Sorry, my fault.

I updated the squid configuration on all servers.

The new configuration now has a whitelist of all allowed request headers, and will block everything else.
This will prevent mobile and other devices from sending identification headers.

New configuration:

via off
forwarded_for delete
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access Cookie allow all
request_header_access All deny all
reply_header_access From deny all
reply_header_access Referer deny all
reply_header_access Server deny all
reply_header_access User-Agent deny all
reply_header_access Link deny all
reply_header_access Via deny all
header_replace User-Agent Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:20.0) Gecko/20100101 Firefox/20.0
 

owa

Junior Member
GoodYear;n3573 said:
Yes, all works as it should now. Even Hong Kong. Thank you. Next time when I say something doesn't work, don't just disregard it. It all started with Hong Kong server.
hongkong worked before aswell, several other members including the administration tested this. sorry but your oppinion isnt final.
 
Top