Facundo Vilarnovo wrote:
Chris,
Thanx for your quick answer.
You are welcome, but please don't top-post . It makes referencing
messages in the archive much more difficult by ruining the flow of a
conversation.
We´ve also tried that, now that you mencion it, we are still trying a few combinations of the following lines.
header_access Via deny all / none
header_access X-Forwarded-For deny all / none
via off / on / deny
forwarder_for off / on / deny
Defining "header_access Via deny all" will prevent your Squid from
passing ANY Via headers. Also specifying "via on" (or "via off") is
superfluous. Same thing for "header_access X-Forwarded-For deny all".
Be sure you have not changed the definition of the "all" ACL. An
earlier post shows it intact.
The best result we´ve got is that is not detecting the proxy server..........but it is still going out with proxy ips.
I maintain, that is an odd result.
Some conclusion left we are studying are:
-Our squid has only one nic, not two like lots of examples here. (eth0 + gre0)
If I'm not mistaken, gre0 is a virtual interface, not a physical one.
-We are using REDIRECT in iptables instead of nat........has anything to do with that?
It might. Set the header_access denies I suggested, surf to
http://devel.squid-cache.org/cgi-bin/test with a proxied client and post
the first three lines of the results (source address, via, and forwarded
from).
-We are trying transparently (not setting proxy con IE) and forcing it.......results are the same i guess?
This shouldn't make a difference in how a website perceives the
traffic. Just in how the browser requests it.
Chris
