6

I have a Squid server at work doing Squid-ly things. I need to have Squid reply with a particular header based on matching an ACL.

The header is a custom one that will look something like 

X-External-IP: 123.45.67.8

I already know about tcp_outbound_ip, and I'm using a similar method to sniff the request header to properly route through a given IP address, but if possible I need to add this reply as well. Searching through Google has given me results on how to block request headers from making it through -- which is NOT what I am trying to do.

Bryan Boettcher
  • 381
  • 2
  • 10

1 Answers1

2

Have you taken a look at the request_header_add directive? It was only just added in release 3.3.

See the directive use here.

From the text;

One or more Squid ACLs may be specified to restrict header
injection to matching requests. As always in squid.conf, all
ACLs in an option ACL list must be satisfied for the insertion
to happen. The request_header_add option supports fast ACLs
only.

I'm not sure if that is what you're interested in, or if you want to append headers to the response and not the request. Squid did not previously have support for header addition with ACL, only modification or removal I believe.

krondor
  • 141
  • 4
  • That's perfect, but my distro only goes to 3.1.19 :( – Bryan Boettcher Jun 03 '13 at 22:57
  • If your distribution is Ubuntu LTS, you could have a look at the [Squid Stable PPA](https://launchpad.net/~pdffs/+archive/squid-stable). If not, I'm sure other popular distros have something similar to track the latest upstream releases (for things as popular as Squid at least). – krondor Jun 03 '13 at 22:59
  • Wish I'd seen that before doing 42 minutes of compiling. – Bryan Boettcher Jun 03 '13 at 23:43
  • Oops, this seems to add to the outgoing request. I need to add it to the reply. – Bryan Boettcher Jun 04 '13 at 00:04
  • 1
    Yeah I was afraid of that... I don't think you can add headers to the reply in Squid. You can ACL them to allow and deny existing ones. I'm assuming you've already seen [reply_header_access](http://www.squid-cache.org/Doc/config/reply_header_access/). – krondor Jun 04 '13 at 01:08