-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 29/09/2014 12:03 p.m., Lawrence Pingree wrote: > Add: > > forwarded_for delete FYI: Configuring the above is an explicit statement that you are taking full legal responsibility for any bad behaviour of the clients using this proxy. Up to and including any proxy they may be running. > > Via off FYI: Via: header is mandatory in HTTP. Its purpose is to identify the transited protocol versions end-to-end and prevent servers and clients attempting to use end-to-end features which will break somewhere in the middle of transit. For example WebSockets over an FTP or WAIS gateway. It is also used more critically to prevent traffic forwarding loops. The basic detail people need to be aware of is that proxies in HTTP are *completely normal*. Same as email SMTP servers and DNS recursive resolvers. Anyone setting up blocks based on the existence of a proxy in the traffic pathway is breaking service needlessly. The "good" proxies identify themselves, the "bad" ones use tricks like the above to violate traffic and cannot be detected by the "block all proxies" rules. Also, the config below already shows: > request_header_access X-Forwarded-For deny all > > request_header_access Via deny all Which does the same as the above config recommendation. That tells me the website is using details other than received HTTP headers to determine proxy existence. > > From: squid-users On Behalf Of Ahmd > > hi all , im trying to make anonymous squid as i can but no luck > akways been caughted by <http://www.ip-score.com/> > http://www.ip-score.com/ ??? > > how do i hide proxy information and let it as its comming from > normal not proxy > > is that possible ? No because using a proxy *is normal* in HTTP. Non-proxy traffic is the abnormal. Sites like that are numerous and use numerous ways to identify the existence or not of a proxy even with full TPROXY or SOCKS "hiding" the client. You can anonymize the client by revealing the proxy. Or obfuscate the proxy by revealing the client private details. Pick one. > any help ? > > > > I need to test the proxy score on the website > > Ip-score.com and want it 0 % > Why? > > > Is that possible to let squid don't modify anything in the request > andseems as not passed from proxy ? Doing so violates HTTP and is itself detectable. The removal of HTTP information about proxy is far more revealing about the use of a proxy than passing through the X-forwarded-for and Via headers. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUKN2mAAoJELJo5wb/XPRj31wH/24oRkb0IQ2Q40A+zpT67j4f gMxqOVkbRlE7Ies4fl34+bYlnPsWA4D3xn07LaCAoHxgG/KjMw2g415a77cqhS2u Tod6/dejhU78AvyU/0qkPpGTMNJcaqCMxuqH/+ndMx3ibHK8T43yUaPIx9TmfHR9 xJTcdnZcMLmfKL8pemGlkiipzmY78cpqx2SaNceKrO3rsgitJhIZ3t0ei4C9qnWd 85fbVJTBFsRoLTly+6rD+dOTY2v0cFAqHYNA8JG3abKhBWd31PmMIfR/tXWNoHhw kpvHlVm1/FuntvmSrixQxMPmaPEsKBoqRIGN3l/TImpDhC2PUojnVzdfgwEZp3I= =zeFU -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users