On Wed, 20 Apr 2005, Funieru Bogdan wrote:
themselves in the requests. However if the proxy follows the RFC you should be able to look for a Via:, X-Forwarded-For: or other proxy generated request header line. But not all proxies adds these request headers.
how can i do this ?? where can i find som info, and how does it work ?
See the req_header acl in squid-2.5.STABLE9 (appeared first in 2.5.STABLE8, but broken there..)
this is rather hard because i have a lot of users and to pass arround the pass for each individual would be a really messy job
Noone said it would be easy. But it is quite likely easier than try to identify all those kinds of proxies, many of which leaves no traces other than that you get requests from many different users from the same IP.
The final option is to run statistics, and look closely at the traffic from suspected users (preferably with the User-Agent header preserved) to judge if this traffic is reasonably from one person or if there is many persons behind this IP.
this could work but what if there are users that just happen to download a demo in a day a demo of 400 mb... so this won't work as well
I didn't say you should base this on amount of data transferred. Not very relevant.
More releveant is if you see several different User-Agent headers in the same time period from the same IP, indicating that several different browser or OS versions/models is in use... or that you see concurrent traffic for very many different web sites in a pattern not realistic for a single human.
Regards Henrik
