On 7/03/2017 12:31 a.m., Alex Muir wrote: > Greetings, > > I have implemented the following tutorial > <https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6> > from > digital ocean which sets up squid with settings to not have my IP address > forwarded. > > I'm finding however that my local IP is still detected when I google what > my local ip address is. I've configured firefox browser to use the proxy > and have confirmed that it is using the proxy. Additionally https goes > through the proxy however http is blocked. I'd like to ensure that http is > not blocked. > > What changes do I need to make to get this working as desired? Firstly, you need to use an up-to-date version of Squid. Secondly, configure with: " via off forwarded_for transparent " Beyond those two lines there is nothing Squid can do to prevent active scripts from reporting what your browser thinks its IP address is. Eliezer already referred to html5 things. The browser itself is betraying you just by running those scripts. Note that the above config is *all* you need to do. The request_header_access settings are not relevant. All they do is filter custom headers the browser may be sending and Squid blindly relaying. Which brings us to the HTTPS ... When a browser is configured to use a proxy (like yours), HTTPS goes through as a request to setup an opaque tunnel end-to-end. In other words all the encrypted HTTP messages are direct between your browser and the server. So, the request_header_access filtering which you are having the proxy do is useless and not doing a thing to those encrypted messages. "working" there means the server has complete visibility into the client browser but cannot see the proxy - except that the 'client IP' the server sees is that of the proxy. Which is what the above two mentioned config lines make happen for the HTTP traffic. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
