On 12/07/17 04:36, Sonya Roy wrote:
As Alex mentioned its not possible to do with squid. I modified the
squid source code to do this a month ago. Its not hard to do, you will
only need to modify http.cc and client_side.cc a bit.
What you did and what avi_h is asking about does not match what avi_h
says they want to happen.
On 12/07/17 07:00, avi_h wrote:
> make
> some server(s) think that the
> request is coming directly from a user agent
Even sending the entire HTTP headers as-is through to the server cannot
prevent proxy detection if the server is actively trying to detect it.
Some naive services look only at the headers, others inject code into
the client to scan the Browsers view of the network environment and send
that back to the server for comparison of what the server environment
contains - yelling "proxy" if anything appears different, regardless of
whether a proxy actually exists.
So as Alex hinted but did not state - what would help is info about the
specific websites/services one is trying to work around. Narrowing the
problem down to certain sites, and what behaviour you want to stop them
having would be a great first step.
FWIW; in my experience most of the real traffic problems are not caused
by proxy detection at all. That seems to be purely users/admin getting
thrown off by other equally broken problem-detection websites, or
blaming the proxy when something else is causing problems.
The real problem is usually servers dying in horrible ways when
unexpected HTTP headers are given to them - even fully standardized
headers like Via (RFC 2068, 2616, 7231) with standard values is beyond
some server scripts ability to parse.
Not many web dev seems to understand that HTTP headers can contain
arbitrary-length comments. "via off" is not so much preventing the proxy
causing problems, but preventing clients behind the proxy injecting
bogus XSS code into the server script through it - by granting any
attacker more complete anonimity to do other attacks.
(sorry for the rant - I'm just tired of people thinking that hiding
their proxy actually helps).
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
