Hello Nicolas, For your own convenience, i have chosen to add the following: If you really want to make your proxy server anonymous. You have to know that disabling Via and XFF is not enough. To explain my point, i will introduce you to a header called UserAgent, this is also added to the HTTP request but it basicly depends on the client side. So, what is UserAgent? It is a string added which contains informaion about the browser type, browser version, operating system and other information. How can an ISP or an internet site detect that you are behind a proxy using UserAgent? Consider the following example: - You have two client computers A & B - Computer A: has Windows NT 5.1 and Internet explorer 6.0 installed on it - Computer B: has Windows NT 5.1 and IE 7.0 If the two computers attempt to access the internet SIMULTANEOUSLY, the ISP can detect that requests with different browser version are being transmited. An ISP can use this method to detect child proxy servers. What can your proxy server do to prevent this? Simply it must modify UserAgent to one united string. How to do that in squid? Actually i am a new squid user and i did not try to find out how. And I don't have much time for this. I will leave it to you and other squid users. Just While I was typing this message, I received a response to my reply from Chris Robertson. Thank you Chriss. He said that even with disabling XFF, XFF will contain: Unknown. This will definetly allow the ISP to detect that a request is behind a proxy server. XFF must not be transmitted at all to prevent detection. You have to find a way to totally remove the XFF and Via header. Either by squid or by another proxy server. Another reply from Chris Robertson he said that it can solved using squid. So read it :). I will read it later. I am using now a proxy server namely Proxy+, it has an option Anonymous(No XFF, No Via) for HTTP requests. XFF and Via will not be sent at all. Again UserAgent string is still a problem. There is another program which gives you the ability to modify UserAgent. Its called Foxy. Its not recommended to modify UserAgent, because some sites use this header to send you the page code that best suits your browser. But if you have are looking for making your proxy server completley anonymous, you have to consider the UserAgent problem. Tiered of typing :) Good Luck Regards Omero --- Nicolas Royo <nroyo@xxxxxxxxxx> wrote: > Thanxs Omero, > > I was passively watching closely this steps since im > working with facundo on implementing a squid-wccp on > a small ISP on our country. > > Greetings for the answer, ill be trying them and > leting you know if it worked! > > > > ________________________________ > > De: omero omero [mailto:hotmadtank@xxxxxxxxx] > Enviado el: vie 04/05/2007 20:52 > Para: squid-users@xxxxxxxxxxxxxxx > Asunto: Re: Really transparent proxy > > > > Hello Facundo, > > I read you message and the replies. I think that the > replies did not solve your problem. I did not open > the > links provided, but i read the conclusion which is > to > deny Via and X-Forwarded-For (XFF). You do not need > to > deny anything. Actually, you need to disable the > transmission of Via and XFF. There is a big > difference > between [denying Via and XFF] and [disabling > transmission of Via and XFF]. Denying Via and XFF is > to deny HTTP requests that comes from a client which > has a proxy server installed on it (with Via and XFF > bieng enbaled on that proxy server). You want to > prevent internet servers from detecting that your > are > behind a proxy, therefore you need to disable > transmission of Via and XFF. > > To do that, add the following 2 lines to your squid > conf file and don't forget to restart the service > after you save the file: > > forwarded_for off > via off > > > BUT WAIT, you said that at your server, you did not > set any proxy and the site you enter is detecting > that > you are behind a proxy. Actually, this is not > related > to the squid proxy server installed on your server. > You get internet from an ISP, and this ISP has a > proxy > server on it. Right? Sure. The proxy server of your > ISP will add the Via and XFF. You can't do anything > about it from your side. You might want to use > ANONYMOUS proxy servers that can serve your purpose > by > modifying requests after they are in no more > controlled by your ISP. Requests go likes this: You > --> Your ISP --> Anonymous Proxy server --> Target > Site. > > Regards. > > > > --- Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote: > > > On Thu, May 03, 2007, Chris Robertson wrote: > > > Facundo Vilarnovo wrote: > > > >Hello squid users! > > > > I don't know if there's any post about this, > > but, maybe not... > > > >anyone knows if there's any way for making > > transparent the squid for > > > >those pages that tells you what its your ip?, > for > > example, right now I > > > >am behind my transparent squid with wccp, and > if > > I go to any site like > > > >http://www.adsl4ever.com/ip/ it tells my ip > > address, and also tells me, > > > >that I am behind a proxy. Like I say before I > > don't have any explicit > > > >configuration on my browser that points to the > > squid. > > > > > > > >PS: I'd also try another pages like this.. > > happens the same! > > > > > > > > > > > >Regards > > > >Facundo > > > > > > > > > > > > > http://www.squid-cache.org/mail-archive/squid-users/200604/0013.html > > and > > > the response at > > > > > > http://www.squid-cache.org/mail-archive/squid-users/200604/0014.html > > > > > > In short: > > > > > > header_access Via deny all > > > header_access X-Forwarded-For deny all > > > > And check "TPROXY" and Squid-2.6. Its supported in > > squid-3, but some features > > have yet to be ported. > > > > > > > > > > Adrian > > > > > > > > > ____________________________________________________________________________________ > 8:00? 8:25? 8:40? Find a flick in no time > with the Yahoo! Search movie showtime shortcut. > http://tools.search.yahoo.com/shortcuts/#news > > > ____________________________________________________________________________________ No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. http://mobile.yahoo.com/mail