On 5/18/22 15:35, Eliezer Croitoru wrote:
I have seen that many sites are against MITM since they want to be able
to reach the client directly and without any ICAP proxy in the middle.
There are services that gives captcha pages when these pages are being
MITM by squid, for example: https://linuxize.com
@Alex, can we please try to define what cause this and if it is at all
possible to avoid this? (eventually…)
There are many known ways to fingerprint a proxy, and Squid is not
even trying to hide its presence beyond a couple of basic directives
like "via off". It is possible to make Squid "more stealthy", of course.
Since needless traffic modification sometimes causes compatibility
problems, the Squid Project ought to accept quality improvements in this
area IMO. However, I am not aware of any active efforts in this direction.
Whether a particular Squid change (to remove proxied traffic
modification) can defeat a particular proxy detection mechanism depends
on whether that mechanism relies on that traffic modification
(exclusively), of course. I do not know what linuxize.com is using right
now. Needless to say, they can change or improve their detection methods
just like others can change or improve Squid.
Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
