Search squid archive

Re: Wrong country recognition on websites after Squid configured as transparent proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mon, Sep 12, 2011 at 11:37 PM, Piotr Pawlowski wrote:

Dear Squid users,

I've configured Squid as transparent proxy on my linux-based router.
Everything is working fine, but one thing is really bothering me.
After entering any website, my public IP is recognized as it becomes from US. I.e. currency on international shops becomes US dollar ; some
wordpress statistics applications gives our IP US flag in graphical
access_log presentation. Im sure, that problem is in Squid, because
when I temporary disable http via Squid, everything is working fine.
Does anybody knows why this happens? How to configure Squid to
represent all http requests as they belong to originate country
(Poland, to be more specific).
Thank you in advance for any tips or clues.


In short, the website is broken, or something is blocking the X-Forwarded-For header (forwarded_for).

Assuming that it is actually using the IP. (most of the broken ones do.)

Look at what that IP actually is in the weird logs. Check whether its your public IP or the proxies. If its the proxies the system reporting it is broken and not finding eth X-forwarded-fro header information indicating what your browser IP actually is.

Do a whois lookup on the IP and see where the network leasing it is registered. Most geo-IP databases start with the companies registered location as their default then correct as better info becomes known.


Assuming that its using the Accept-language, country codes, check that the Accept headers are being sent with your actual preferred country/location codes. And that they are passing through the proxy unchanged.


On 12 September 2011 22:41, Hasanen AL-Bana wrote:
Probably you have configured some private IP address behind squid that
looks like a US ip address , this will fix it for you :
forwarded_for off
add it to squid.conf


On Mon, 12 Sep 2011 22:43:13 +0200, Piotr Pawlowski wrote:
Behind Squid is standard LAN with 10.0.0.0/24 subnet .


Geo-based services can be done in a few ways.

* The correct way in HTTP is to use the Accept-Language: header sent by your browser saying what country+language you prefer things to be formatted for. Alphabets, currencies, exchange rate defaults etc.

* Another way is to base it on some geographic database of IPs, using the IP of the browser to determine where you are. It is rough estimation, slightly more targeted to cities than countries like Accept-* headers, with a lot of false-positives due to database inaccuracies and err...DHCP.

* The broken way is to base it solely on the IP which connected in. Ignoring the X-forwarded-for header when present.


Hasanen: As you can see, disabling the forwarded_for header only makes the situation worse. By breaking all the IP-based services which use it to correct errors. They all report the same, but not in a good way.


Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux