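--- a/squid/3/anonymize_http_request.conf
+++ b/squid/3/anonymize_http_request.conf
@@ -0,0 +1,92 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+## Squid3 - rules to anonymize HTTP request headers. ##
+###########################################################################
+
+### Content-Types that are acceptable for the response (replace this).
+request_header_access Accept deny all
+### Character sets that are acceptable (replace this).
+request_header_access Accept-Charset deny all
+### List of acceptable encodings (replace this).
+request_header_access Accept-Encoding deny all
+### List of acceptable human languages for response (replace this).
+request_header_access Accept-Language allow all
+### Acceptable version in time
+# request_header_access Accept-Datetime allow all
+request_header_access Authorization allow all
+# request_header_access Cache-Control allow all
+request_header_access Connection allow all
+### Needed for not breaking most websites.
+request_header_access Cookie allow all
+request_header_access Content-Length allow all
+request_header_access Content-MD5 allow all
+request_header_access Content-Type allow all
+### The date and time that the message was sent.
+# request_header_access Date allow all
+request_header_access Expect allow all
+### The email address of the user making the request.
+# request_header_access From allow all
+request_header_access Host allow all
+request_header_access If-Match allow all
+request_header_access If-Modified-Since allow all
+request_header_access If-None-Match allow all
+request_header_access If-Range allow all
+request_header_access If-Unmodified-Since allow all
+### Limit the number of times the message can be forwarded through proxies
+### or gateways.
+# request_header_access Max-Forwards allow all
+### Initiates a request for cross-origin resource sharing.
+# request_header_access Origin allow all
+# request_header_access Pragma allow all
+request_header_access Proxy-Authorization allow all
+request_header_access Range allow all
+### Needed in order to not break some sites using referrer checks.
+request_header_access Referer allow all
+request_header_access TE allow all
+### Replace the User-Agent string except for the domains specified in the
+### "real_user_agent" ACL.
+acl real_user_agent dstdom_regex "/etc/squid3/real_user_agent.conf"
+request_header_access User-Agent allow real_user_agent
+request_header_access User-Agent deny !real_user_agent
+### Ask the server to upgrade to another protocol.
+# request_header_access Upgrade allow all
+### Informs the server of proxies through which the request was sent.
+request_header_access Via allow all
+request_header_access Warning allow all
+### Needed for AJAX requests.
+request_header_access X-Requested-With allow all
+### Requests a web application to disable their tracking of a user.
+## Yeah, lol, wear a "do-not-follow-me" T-Shirt. Smart. Very smart.
+# request_header_access DNT allow all
+### Identifying the originating IP address of a client connecting through
+### a proxy server indicating what client was forwarded.
+# request_header_access X-Forwarded-For allow all
+### Identifying the original host requested by the client.
+request_header_access X-Forwarded-Host allow all
+### Identifying the originating protocol of an HTTP request
+request_header_access X-Forwarded-Proto allow all
+request_header_access Front-End-Https allow all
+request_header_access X-Http-Method-Override allow all
+### Allows easier parsing of the MakeModel/Firmware that is usually found
+### in the User-Agent String of AT&T Devices.
+# request_header_access X-ATT-DeviceId allow all
+### Full description and details about the device currently connecting.
+# request_header_access X-Wap-Profile allow all
+request_header_access Proxy-Connection allow all
+### Server-side deep packet insertion of a unique ID identifying customers.
+### of Verizon Wireless.
+# request_header_access X-UIDH allow all
+request_header_access X-Csrf-Token allow all
+# request_header_access X-Request-ID allow all
+# request_header_access X-Correlation-ID allow all
+request_header_access X-Accel-Redirect allow all
+request_header_access X-Sendfile allow all
+request_header_access X-LIGHTTPD-send-file allow all
+request_header_access X-Accel-Limit-Rate allow all
+request_header_access X-Accel-Buffering allow all
+request_header_access X-Accel-Charset allow all
+request_header_access Other deny all
+request_header_access All deny all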
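Review bot: `request_header_access Accept-Language allow all` passes the client's real language list upstream, even though its comment says "(replace this)" like the three Accept rules above it. Squid applies `request_header_replace` only to headers that a `request_header_access` rule denies, so the `request_header_replace Accept-Language en-US` line in privacy.conf has no effect while this rule allows the header. Change the rule to `request_header_access Accept-Language deny all` so the fixed value is sent instead. The same dependency deserves a header comment in this file: the denied Accept, Accept-Charset and Accept-Encoding headers are simply dropped, not replaced, if privacy.conf is not loaded alongside it.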
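--- a/squid/3/anonymize_http_response.conf
+++ b/squid/3/anonymize_http_response.conf
@@ -0,0 +1,73 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+## Squid3 - rules to anonymize HTTP response headers. ##
+###########################################################################
+
+reply_header_access Access-Control-Allow-Origin allow all
+reply_header_access Accept-Patch allow all
+reply_header_access Accept-Ranges allow all
+reply_header_access Age allow all
+reply_header_access Allow allow all
+reply_header_access Alt-Svc allow all
+# reply_header_access Cache-Control allow all
+reply_header_access Connection allow all
+reply_header_access Content-Disposition allow all
+reply_header_access Content-Encoding allow all
+reply_header_access Content-Language allow all
+reply_header_access Content-Length allow all
+reply_header_access Content-Location allow all
+reply_header_access Content-MD5 allow all
+reply_header_access Content-Range allow all
+reply_header_access Content-Type allow all
+### The date and time that the message was sent.
+# reply_header_access Date allow all
+reply_header_access ETag allow all
+reply_header_access Expires allow all
+reply_header_access Last-Modified allow all
+reply_header_access Link allow all
+reply_header_access Location allow all
+reply_header_access P3P allow all
+# reply_header_access Pragma allow all
+reply_header_access Proxy-Authenticate allow all
+reply_header_access Public-Key-Pins allow all
+reply_header_access Refresh allow all
+reply_header_access Retry-After allow all
+reply_header_access Server allow all
+reply_header_access Set-Cookie allow all
+reply_header_access Status allow all
+### HSTS (no, thank you) and cache.
+# reply_header_access Strict-Transport-Security allow all
+reply_header_access Trailer allow all
+reply_header_access Transfer-Encoding allow all
+### Tracking Status Value (TSV), value suggested to be sent in response to
+### a do-not-track (DNT). No, thank you.
+# reply_header_access TSV allow all
+### Ask the client to upgrade to another protocol.
+# reply_header_access Upgrade allow all
+reply_header_access Vary allow all
+reply_header_access Via allow all
+reply_header_access Warning allow all
+reply_header_access WWW-Authenticate allow all
+reply_header_access X-Frame-Options allow all
+reply_header_access X-XSS-Protection allow all
+reply_header_access Content-Security-Policy allow all
+reply_header_access X-Content-Security-Policy allow all
+reply_header_access X-WebKit-CSP allow all
+reply_header_access X-Content-Type-Options allow all
+reply_header_access X-Powered-By allow all
+reply_header_access X-UA-Compatible allow all
+reply_header_access X-Content-Duration allow all
+# reply_header_access Upgrade-Insecure-Requests allow all
+# reply_header_access X-Request-ID allow all
+# reply_header_access X-Correlation-ID allow all
+reply_header_access X-Accel-Redirect allow all
+reply_header_access X-Sendfile allow all
+reply_header_access X-LIGHTTPD-send-file allow all
+reply_header_access X-Accel-Limit-Rate allow all
+reply_header_access X-Accel-Buffering allow all
+reply_header_access X-Accel-Charset allow all
+reply_header_access Other deny all
+reply_header_access All deny all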
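Review bot: With `# reply_header_access Strict-Transport-Security allow all` left commented out, the closing `Other`/`All` deny rules strip HSTS from every reply the proxy can rewrite, which removes the browser's protection against HTTPS downgrade for those sites. Browsers honour the header only on HTTPS responses, so this presumably matters when the proxy decrypts TLS; the page does not show whether it does. Public-Key-Pins is allowed a few lines earlier, so the two transport-security headers are treated inconsistently. I would enable the rule, `reply_header_access Strict-Transport-Security allow all`, or at least replace the "(no, thank you)" comment with one that states the trade-off being accepted.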
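--- a/squid/3/privacy.conf
+++ b/squid/3/privacy.conf
@@ -0,0 +1,41 @@
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ##
+## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ##
+## rights of fair usage, the disclaimer and warranty conditions. ##
+###########################################################################
+## Squid3 - general privacy settings. ##
+###########################################################################
+
+### Ignore responses from different nameservers.
+ignore_unknown_nameservers on
+
+### Turn off sending squid version information.
+httpd_suppress_version_string on
+
+### Remove via and x-forwarded-for
+## Do not disable via if it will be cleaned by upstream proxies under our
+## control.
+# via off
+forwarded_for delete
+follow_x_forwarded_for deny all
+
+### Replace accept encoding.
+request_header_replace Accept */*
+request_header_replace Accept-Encoding *
+request_header_replace Accept-Charset utf-8
+request_header_replace Accept-Encoding gzip, deflate
+### Very important: net neutrality and global equity tweak. . .
+request_header_replace Accept-Language en-US
+
+### Replace User-Agent.
+### Take your pick!
+## Firefox
+# request_header_replace User-Agent Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1
+## iPad
+# request_header_replace User-Agent Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X; en-us) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
+## Windows XP2, IE7
+# request_header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
+## Blackberry
+# request_header_replace User-Agent Mozilla/5.0 (BlackBerry; U; BlackBerry AAAA; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.1 Mobile Safari/534.11+
+## Chromium
+request_header_replace User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36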
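Review bot: `request_header_replace Accept-Encoding` is set twice, first to `*` and three lines later to `gzip, deflate`, so only one of them can take effect (presumably the later one) and the file does not say which is intended. Keep a single line, for example `request_header_replace Accept-Encoding gzip, deflate`, and drop the other. The replacement values apply only to headers that a `request_header_access` rule denies, which is worth stating in the "Replace accept encoding" comment because this file contains no such rule itself. The hard-coded Chrome/28 User-Agent will age, so a comment asking maintainers to refresh it would help, since an outdated string makes proxied clients easier to single out.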