On Wednesday 25 July 2007 14:42, Tek Bahadur Limbu wrote: > Juraj Sakala wrote: > > On Tuesday 24 July 2007 12:56, Tek Bahadur Limbu wrote: > >> Is this possible? In other words, I want my proxy servers to detect > >> squid or other proxy severs which are being used or operated by others > >> besides me. > > > > May it is bepossible: > > - if you know your network you can use header x_forwarded_for to detect > > unknown networks. > > - if you wont to allow only your proxy servers use http_access directive > > with acl which contains only your proxy's > > - try something like this: > > acl myproxy req_header Via MyProxy > > http_access allow myproxy > > http_access deny all > > - use authentication > > Hi Juraj, > > Thanks for sharing your tips. > > Suppose I have the following: > > acl myproxy req_header Via 192.168.100.0/24 > http_access allow myproxy > http_access deny all It was only tip. I am not sure, but i think squid puts in this header his visible hostname and port in format 1.1 <vysible_hostname>:<port>. So if someone use Squid in default configuration you can block it easily. But it is true, that headers are easily spoofable > Now if I use this, my normal clients (192.168.101.0/24) won't be able to > access my proxy server right? There is question if normal client sends Via header in request, I am sure that not. So we need acl that permits requists from our proxy's with correct Via header or clients with no header and denies all other requests. It will be hard, maybe external acl will be useful.
