I'm trying to configure my squid proxy to add a header to all my requests. There is nothing fancy about the configuration. I have the following:
request_header_add X-Custom-Header "customheadervalue" all
This works for http requests but it will not add any headers for https requests. Is there any configuration I should be doing to make this work? Shouldn't squid be able to add this header to the request before the https is made?
Additionally I noticed that x-forwarded-for is also omitted over https but not on http. I feel like I'm missing something obvious here.
Best Answer
In most scenario's with SSL Squid isn't forwarding the request on your behalf, which is what allows Squid to modify the traffic and insert additional headers on plain HTTP request. With HTTPS/SSL/TLS Squid allows your browser to CONNECT directly to the HTTPS host.
Squid only forwards the encrypted traffic between your browser and the remote server, which, because it is encrypted, duh, can't be modified by Squid. No headers can be inserted because the HTTP headers are within the encrypted data stream.
The subtlety is the difference between forwarding a request, which implies the understanding of the HTTP protocol and forwarding encrypted packets where the HTTP protocol is encrypted and hidden in the TCP/IP stream.