Re: [squid-users] how to NOT ALLOW to forward proxy

From: Funieru Bogdan <fbsoft01@dont-contact.us>
Date: Wed, 20 Apr 2005 01:55:57 -0700 (PDT)

--- Henrik Nordstrom <hno@squid-cache.org> wrote:

> I think you are asking if there is means to stop
> people from running
> child proxies inside your network.
>

yes this is what i want

> Not easily. Some of these make a pretty good job of
> not revealing
> themselves in the requests. However if the proxy
> follows the RFC you
> should be able to look for a Via:, X-Forwarded-For:
> or other proxy
> generated request header line. But not all proxies
> adds these request
> headers.
>

how can i do this ?? where can i find som info, and
how does it work ?

> Authentication can also be relatively efficient in
> fighting this, but you
> should be aware there is proxies which allow the
> authentication
> credentials to be statically configured to defeat
> this..
>

this is rather hard because i have a lot of users and
to pass arround the pass for each individual would be
a really messy job

> The final option is to run statistics, and look
> closely at the traffic
> from suspected users (preferably with the User-Agent
> header preserved) to
> judge if this traffic is reasonably from one person
> or if there is many
> persons behind this IP.
>

this could work but what if there are users that just
happen to download a demo in a day a demo of 400 mb...
so this won't work as well

> Regards
> Henrik
>

-------------------
Funieru Bogdan
Admin MosilorNET

Contact Info:
Mob:
0742158956
0726592752
0744301506(very rare)
-------------------

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Wed Apr 20 2005 - 02:55:58 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT