Hello Nicolas, I am glad to hear the good news. I guess that your messages are not reaching squid users because you are not using simple text messages. Regards Omero --- Nicolas Royo <nroyo@xxxxxxxxxx> wrote: > ? > It Worked perfectly! > > Testing it during whole weekend against 300 clients! > > Thanxs for your help! glad to be helpfull! > > (now struggling with ip_conntrack: table full, > dropping packet, but thats another story) > > > > > ________________________________ > > De: omero omero [mailto:hotmadtank@xxxxxxxxx] > Enviado el: vie 04/05/2007 22:50 > Para: squid-users@xxxxxxxxxxxxxxx > Asunto: RE: Really transparent proxy > > > > Hello Nicolas, > > For your own convenience, i have chosen to add the > following: > > If you really want to make your proxy server > anonymous. You have to know that disabling Via and > XFF > is not enough. To explain my point, i will introduce > you to a header called UserAgent, this is also added > to the HTTP request but it basicly depends on the > client side. > > So, what is UserAgent? It is a string added which > contains informaion about the browser type, browser > version, operating system and other information. > > How can an ISP or an internet site detect that you > are > behind a proxy using UserAgent? Consider the > following > example: > > - You have two client computers A & B > - Computer A: has Windows NT 5.1 and Internet > explorer > 6.0 installed on it > - Computer B: has Windows NT 5.1 and IE 7.0 > > If the two computers attempt to access the internet > SIMULTANEOUSLY, the ISP can detect that requests > with > different browser version are being transmited. > > An ISP can use this method to detect child proxy > servers. > > What can your proxy server do to prevent this? > Simply > it must modify UserAgent to one united string. How > to > do that in squid? Actually i am a new squid user and > i > did not try to find out how. And I don't have much > time for this. I will leave it to you and other > squid > users. > > Just While I was typing this message, I received a > response to my reply from Chris Robertson. Thank you > Chriss. > > He said that even with disabling XFF, XFF will > contain: Unknown. This will definetly allow the ISP > to > detect that a request is behind a proxy server. XFF > must not be transmitted at all to prevent detection. > > You have to find a way to totally remove the XFF and > Via header. Either by squid or by another proxy > server. > > Another reply from Chris Robertson he said that it > can > solved using squid. So read it :). I will read it > later. > > I am using now a proxy server namely Proxy+, it has > an > option Anonymous(No XFF, No Via) for HTTP requests. > XFF and Via will not be sent at all. Again UserAgent > string is still a problem. > > There is another program which gives you the ability > to modify UserAgent. Its called Foxy. > > Its not recommended to modify UserAgent, because > some > sites use this header to send you the page code that > best suits your browser. But if you have are looking > for making your proxy server completley anonymous, > you > have to consider the UserAgent problem. > > Tiered of typing :) > Good Luck > > Regards > Omero > > > > --- Nicolas Royo <nroyo@xxxxxxxxxx> wrote: > > > Thanxs Omero, > > > > I was passively watching closely this steps since > im > > working with facundo on implementing a squid-wccp > on > > a small ISP on our country. > > > > Greetings for the answer, ill be trying them and > > leting you know if it worked! > > > > > > > > ________________________________ > > > > De: omero omero [mailto:hotmadtank@xxxxxxxxx] > > Enviado el: vie 04/05/2007 20:52 > > Para: squid-users@xxxxxxxxxxxxxxx > > Asunto: Re: Really transparent proxy > > > > > > > > Hello Facundo, > > > > I read you message and the replies. I think that > the > > replies did not solve your problem. I did not open > > the > > links provided, but i read the conclusion which is > > to > > deny Via and X-Forwarded-For (XFF). You do not > need > > to > > deny anything. Actually, you need to disable the > > transmission of Via and XFF. There is a big > > difference > > between [denying Via and XFF] and [disabling > > transmission of Via and XFF]. Denying Via and XFF > is > > to deny HTTP requests that comes from a client > which > > has a proxy server installed on it (with Via and > XFF > > bieng enbaled on that proxy server). You want to > > prevent internet servers from detecting that your > > are > > behind a proxy, therefore you need to disable > > transmission of Via and XFF. > > > > To do that, add the following 2 lines to your > squid > > conf file and don't forget to restart the service > > after you save the file: > > > > forwarded_for off > > via off > > > > > > BUT WAIT, you said that at your server, you did > not > > set any proxy and the site you enter is detecting > > that > > you are behind a proxy. Actually, this is not > > related > > to the squid proxy server installed on your > server. > > You get internet from an ISP, and this ISP has a > > proxy > > server on it. Right? Sure. The proxy server of > your > > ISP will add the Via and XFF. You can't do > anything > > about it from your side. You might want to use > > ANONYMOUS proxy servers that can serve your > purpose > > by > > modifying requests after they are in no more > > controlled by your ISP. Requests go likes this: > You > > --> Your ISP --> Anonymous Proxy server --> Target > > Site. > > > > Regards. > > > > > > > > --- Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote: > > > > > On Thu, May 03, 2007, Chris Robertson wrote: > > > > Facundo Vilarnovo wrote: > > > > >Hello squid users! > > > > > I don't know if there's any post about > this, > > > but, maybe not... > > > > >anyone knows if there's any way for making > > > transparent the squid for > > > > >those pages that tells you what its your ip?, > > for > > > example, right now I > > > > >am behind my transparent squid with wccp, and > > if > > > I go to any site like > > > > >http://www.adsl4ever.com/ip/ it tells my ip > > > address, and also tells me, > > > > >that I am behind a proxy. Like I say before I > > > don't have any explicit > > > > >configuration on my browser that points to > the > > > squid. > > > > > > > > > >PS: I'd also try another pages like this.. > > > happens the same! > > > > > > > > > > > > > > >Regards > > > > >Facundo > > > > > > > > > > > > > > > > > > > http://www.squid-cache.org/mail-archive/squid-users/200604/0013.html > > > and > > > > the response at > > > > > > > > > > http://www.squid-cache.org/mail-archive/squid-users/200604/0014.html > > > > > > > > In short: > > > > > > > > header_access Via deny all > > > > header_access X-Forwarded-For deny all > > > > > > And check "TPROXY" and Squid-2.6. Its supported > in > > > squid-3, but some features > > > have yet to be ported. > > > > > > > > > > > > > > > Adrian > > > > > > > > > > > > > > > > > ____________________________________________________________________________________ > > 8:00? 8:25? 8:40? Find a flick in no time > > with the Yahoo! Search movie showtime shortcut. > > http://tools.search.yahoo.com/shortcuts/#news > > > > > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam > protection around > http://mail.yahoo.com <http://mail.yahoo.com/> > > > ____________________________________________________________________________________ Looking for earth-friendly autos? Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center. http://autos.yahoo.com/green_center/
