Thanks for this useful site. This site cannot be used to test squid in any environment but only in a specific one. What the links I gave you shows? http://myip.net.il/ http://ngtech.co.il/ip.php ?? If you want to bullet proof you network and you have full control over it then you should use the next methods: - Block any outgoing traffic to the internet from the internal network using a simple FireWall - Intercept any traffic on port 53(both tcp and udp) into a local dns proxy and\or caching service I have a running lab with a restricted access to the internet and I will try to see what the results will be there. Don't mistake squid for being "un-usable" since it does what it can, but, if you or another person is the network admin you should consider the required and relevant solutions for your environment. For example I have worked on servers which are connected to the Internet but have a very restrictive policy which do not allow installation of software or access to the network. Either by iptables or selinux or group policies. I am here if you need some advice about the next move with the issue. All The Bests, Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: Sekar Duraisamy [mailto:sekarit@xxxxxxxxx] Sent: Monday, August 28, 2017 12:20 To: Eliezer Croitoru <eliezer@xxxxxxxxxxxx> Cc: Amos Jeffries <squid3@xxxxxxxxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Block WebRTC Leak using Squid browserleaks.com/ip . I am testing through Mozilla Browser On Mon, Aug 28, 2017 at 12:47 PM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > I remembered something so please also try: > http://ngtech.co.il/ip.php > > and compare it to the output of: > http://myip.net.il/ > > and please let us know what browsers have you tested this with. > > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Sekar Duraisamy > Sent: Monday, August 28, 2017 09:26 > To: Amos Jeffries <squid3@xxxxxxxxxxxxx> > Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Block WebRTC Leak using Squid > > Hi, > > I have tried the below. > > via on > forwarded_for delete > visible_hostname localhost > request_header_access User-Agent deny all > > But still I am able to see original client local IP address and Client > Public IP address instead of tcp_outgoing_address as original client > IP. > > Am i missed anything here? > > On Fri, Aug 25, 2017 at 2:11 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> On 25/08/17 14:00, Sekar Duraisamy wrote: >>> >>> Thanks Amos, Can i use the above configuration even though I am using >>> tcp_outgoing_address in the squid conf? >>> >>> I want to make visible only tcp_outgoing_address only visible to >>> outside and not real client IP. >>> >> >> The second set of directives to hide the client will work. >> >> The first set to hide the proxy are kind of pointless when using a >> proxy-specific IP address / identifier on all traffic out of the proxy. >> >> Amos >> >> >> >>> On Fri, Aug 25, 2017 at 4:11 AM, Amos Jeffries wrote: >>>> >>>> On 25/08/17 03:21, Sekar Duraisamy wrote: >>>>> >>>>> >>>>> I am using http_port 3128 ( direct proxy ) >>>>> >>>> >>>> Then: >>>> >>>> # to hide the proxy >>>> via off >>>> forwarded_for transparent >>>> >>>> # to hide the client >>>> via on >>>> forwarded_for delete >>>> request_header_access User-Agent deny all >>>> >>>> >>>> As you may be able to tell from those you cannot hide both at once. >>>> >>>> Amos >>>> >>>> _______________________________________________ >>>> squid-users mailing list >>>> squid-users@xxxxxxxxxxxxxxxxxxxxx >>>> http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
