On 6/05/2015 2:25 a.m., Ambadas Hibare wrote: > Hi, > > I trying to spoof client IP via squid proxy by following squid's > TPROXY4 wiki page: http://wiki.squid-cache.org/Features/Tproxy4 > > But I want to know whether squid can spoof client IP when we send > proxy format HTTP request from Mozilla (ie configuring proxy & port > in mozilla). Can squid proxy behave transparently towards only the > web server & not the client? No. It can be both ways, or just towards the client. > > I've tried sending proxy format HTTP request from client to squid box > (on 3129 tproxy port), but I am getting Header forgery error Also > its trying to connect to itself instead of web server. I am trying to > understand why squid is trying to match host header's DNS with the > destination IP instead of connecting to host header's DNS (like > normal proxy behaviour on port 3128). > To prevent CVE-2009-0801 happening. You must not send regular forward-proxy traffic to a tproxy or intercept port. Forwarding loops are guaranteed if you do. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
