http://www.cyberciti.biz/faq/squid-proxy-is-not-hiding-client-ip-address
My squid proxy server is displaying system's real IP address. I've a corporate password protected squid proxy server located at 202.54.1.2. My clients work from home or offices via A/DSL / cable connections. Squid should hide all system's IP address, but it is forwarding and displaying the system's IP address. How do I configure squid to hide client's real IP address?
Squid proxy server has a directive called forwarded_for. If set, Squid will include your system's IP address or a name of the HTTP requests it forwards. By default it looks like
this:
If you disable this (set to "off"), it will appear as
If set to "transparent", Squid will not alter the X-Forwarded-For header in any way. If set to "delete", Squid will delete the entire X-Forwarded-For header. If set to "truncate", Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.
Or (for squid version 3)
Set forwarded_for to off:
OR set it to delete:
Save and close the file.
OR
For squid version 3, run:
Here are my options:
My squid proxy server is displaying system's real IP address. I've a corporate password protected squid proxy server located at 202.54.1.2. My clients work from home or offices via A/DSL / cable connections. Squid should hide all system's IP address, but it is forwarding and displaying the system's IP address. How do I configure squid to hide client's real IP address?
Squid proxy server has a directive called forwarded_for. If set, Squid will include your system's IP address or a name of the HTTP requests it forwards. By default it looks like
this:
X-Forwarded-For: 191.1.2.5If you disable this (set to "off"), it will appear as
X-Forwarded-For: unknownIf set to "transparent", Squid will not alter the X-Forwarded-For header in any way. If set to "delete", Squid will delete the entire X-Forwarded-For header. If set to "truncate", Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.
Configuration
Open squid.conf file:# vi squid.confOr (for squid version 3)
# vi /etc/squid3/squid.confSet forwarded_for to off:
forwarded_for offOR set it to delete:
forwarded_for deleteSave and close the file.
Reload squid server
You need to restart the squid server, enter:# /etc/init.d/squid restartOR
# squid -k reconfigureFor squid version 3, run:
# squid3 -k reconfigureHere are my options:
# Hide client ip # forwarded_for delete # Turn off via header # via off # Deny request for original source of a request follow_x_forwarded_for deny all # See below request_header_access X-Forwarded-For deny all
Say hello to request_header_access
By default, all headers are allowed (no anonymizing is performed for privacy). You can anonymize outgoing HTTP headers (i.e. headers sent by Squid to the following HTTP hop such as a cache peer or an origin server) to create the standard or paranoid experience. The following option are only tested on squid server version 3.x:Squid standard anonymizer privacy experience
Set the following options in squid3.conf:request_header_access From deny all request_header_access Referer deny all request_header_access User-Agent deny allSave and close the file. Do not forget to restart the squid3 as described above.
Squid standard privacy experience
Set the following options in squid3.conf:request_header_access Authorization allow all request_header_access Proxy-Authorization allow all request_header_access Cache-Control allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Connection allow all request_header_access All deny allSave and close the file. Do not forget to restart the squid3 as described above.
More like this:
- Squid Proxy Server Mac Address based filtering
- Squid Proxy Server Change Outgoing IP Address
- Squid proxy How to filter or block a particular port
- Squid proxy authentication in transparent mode
- Squid Block any Domain Name Accessing the Internet
- Squid Listen on Other Port ( Squid Configure Port Listing with SELinux)
- How to: Linux / UNIX setup Squid Proxy authentication
- Linux Disabling Squid Proxy Server
- Sed: Find and Replace The Whole Line [ Regex ]
- Clear Squid Proxy Cache And Re-create the Cache Directories
No comments:
Post a Comment