RE: [squid-users] Really transparent proxy

From: omero omero <hotmadtank@dont-contact.us>
Date: Mon, 7 May 2007 14:59:29 -0700 (PDT)

Hello Nicolas,

I am glad to hear the good news.

I guess that your messages are not reaching squid
users because you are not using simple text messages.
Squid mail server rejects html emails. Also avoid
putting in the "To" (which is "para" in your language)
field any address except the one for squid to avoid
Squid Spam Gaurd identifying your message as spam.
Instead you can use "BCC" (Blind Carbon Copy) field,
and add in it the other email addresses you want.
Don't use "CC".

Regards
Omero

--- Nicolas Royo <nroyo@ertach.com> wrote:

> ?
> It Worked perfectly!
>
> Testing it during whole weekend against 300 clients!
>
> Thanxs for your help! glad to be helpfull!
>
> (now struggling with ip_conntrack: table full,
> dropping packet, but thats another story)
>
>
>
>
> ________________________________
>
> De: omero omero [mailto:hotmadtank@yahoo.com]
> Enviado el: vie 04/05/2007 22:50
> Para: squid-users@squid-cache.org
> Asunto: RE: [squid-users] Really transparent proxy
>
>
>
> Hello Nicolas,
>
> For your own convenience, i have chosen to add the
> following:
>
> If you really want to make your proxy server
> anonymous. You have to know that disabling Via and
> XFF
> is not enough. To explain my point, i will introduce
> you to a header called UserAgent, this is also added
> to the HTTP request but it basicly depends on the
> client side.
>
> So, what is UserAgent? It is a string added which
> contains informaion about the browser type, browser
> version, operating system and other information.
>
> How can an ISP or an internet site detect that you
> are
> behind a proxy using UserAgent? Consider the
> following
> example:
>
> - You have two client computers A & B
> - Computer A: has Windows NT 5.1 and Internet
> explorer
> 6.0 installed on it
> - Computer B: has Windows NT 5.1 and IE 7.0
>
> If the two computers attempt to access the internet
> SIMULTANEOUSLY, the ISP can detect that requests
> with
> different browser version are being transmited.
>
> An ISP can use this method to detect child proxy
> servers.
>
> What can your proxy server do to prevent this?
> Simply
> it must modify UserAgent to one united string. How
> to
> do that in squid? Actually i am a new squid user and
> i
> did not try to find out how. And I don't have much
> time for this. I will leave it to you and other
> squid
> users.
>
> Just While I was typing this message, I received a
> response to my reply from Chris Robertson. Thank you
> Chriss.
>
> He said that even with disabling XFF, XFF will
> contain: Unknown. This will definetly allow the ISP
> to
> detect that a request is behind a proxy server. XFF
> must not be transmitted at all to prevent detection.
>
> You have to find a way to totally remove the XFF and
> Via header. Either by squid or by another proxy
> server.
>
> Another reply from Chris Robertson he said that it
> can
> solved using squid. So read it :). I will read it
> later.
>
> I am using now a proxy server namely Proxy+, it has
> an
> option Anonymous(No XFF, No Via) for HTTP requests.
> XFF and Via will not be sent at all. Again UserAgent
> string is still a problem.
>
> There is another program which gives you the ability
> to modify UserAgent. Its called Foxy.
>
> Its not recommended to modify UserAgent, because
> some
> sites use this header to send you the page code that
> best suits your browser. But if you have are looking
> for making your proxy server completley anonymous,
> you
> have to consider the UserAgent problem.
>
> Tiered of typing :)
> Good Luck
>
> Regards
> Omero
>
>
>
> --- Nicolas Royo <nroyo@ertach.com> wrote:
>
> > Thanxs Omero,
> >
> > I was passively watching closely this steps since
> im
> > working with facundo on implementing a squid-wccp
> on
> > a small ISP on our country.
> >
> > Greetings for the answer, ill be trying them and
> > leting you know if it worked!
> >
> >
> >
> > ________________________________
> >
> > De: omero omero [mailto:hotmadtank@yahoo.com]
> > Enviado el: vie 04/05/2007 20:52
> > Para: squid-users@squid-cache.org
> > Asunto: Re: [squid-users] Really transparent proxy
> >
> >
> >
> > Hello Facundo,
> >
> > I read you message and the replies. I think that
> the
> > replies did not solve your problem. I did not open
> > the
> > links provided, but i read the conclusion which is
> > to
> > deny Via and X-Forwarded-For (XFF). You do not
> need
> > to
> > deny anything. Actually, you need to disable the
> > transmission of Via and XFF. There is a big
> > difference
> > between [denying Via and XFF] and [disabling
> > transmission of Via and XFF]. Denying Via and XFF
> is
> > to deny HTTP requests that comes from a client
> which
> > has a proxy server installed on it (with Via and
> XFF
> > bieng enbaled on that proxy server). You want to
> > prevent internet servers from detecting that your
> > are
> > behind a proxy, therefore you need to disable
> > transmission of Via and XFF.
> >
> > To do that, add the following 2 lines to your
> squid
> > conf file and don't forget to restart the service
> > after you save the file:
> >
> > forwarded_for off
> > via off
> >
> >
> > BUT WAIT, you said that at your server, you did
> not
> > set any proxy and the site you enter is detecting
> > that
> > you are behind a proxy. Actually, this is not
> > related
> > to the squid proxy server installed on your
> server.
> > You get internet from an ISP, and this ISP has a
> > proxy
> > server on it. Right? Sure. The proxy server of
> your
> > ISP will add the Via and XFF. You can't do
> anything
> > about it from your side. You might want to use
> > ANONYMOUS proxy servers that can serve your
> purpose
> > by
> > modifying requests after they are in no more
> > controlled by your ISP. Requests go likes this:
> You
> > --> Your ISP --> Anonymous Proxy server --> Target
> > Site.
> >
> > Regards.
> >
> >
> >
> > --- Adrian Chadd <adrian@creative.net.au> wrote:
> >
> > > On Thu, May 03, 2007, Chris Robertson wrote:
> > > > Facundo Vilarnovo wrote:
> > > > >Hello squid users!
> > > > > I don't know if there's any post about
> this,
> > > but, maybe not...
> > > > >anyone knows if there's any way for making
> > > transparent the squid for
> > > > >those pages that tells you what its your ip?,
> > for
> > > example, right now I
> > > > >am behind my transparent squid with wccp, and
> > if
> > > I go to any site like
> > > > >http://www.adsl4ever.com/ip/ it tells my ip
> > > address, and also tells me,
> > > > >that I am behind a proxy. Like I say before I
> > > don't have any explicit
> > > > >configuration on my browser that points to
> the
> > > squid.
> > > > >
> > > > >PS: I'd also try another pages like this..
> > > happens the same!
> > > > >
> > > > >
> > > > >Regards
> > > > >Facundo
> > > > >
> > > >
> > > >
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0013.html
> > > and
> > > > the response at
> > > >
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0014.html
> > > >
> > > > In short:
> > > >
> > > > header_access Via deny all
> > > > header_access X-Forwarded-For deny all
> > >
> > > And check "TPROXY" and Squid-2.6. Its supported
> in
> > > squid-3, but some features
> > > have yet to be ported.
> > >
> > >
> > >
> > >
> > > Adrian
> > >
> > >
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > 8:00? 8:25? 8:40? Find a flick in no time
> > with the Yahoo! Search movie showtime shortcut.
> > http://tools.search.yahoo.com/shortcuts/#news
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com <http://mail.yahoo.com/>
>
>
>

 
____________________________________________________________________________________
Don't get soaked. Take a quick peak at the forecast
with the Yahoo! Search weather shortcut.
http://tools.search.yahoo.com/shortcuts/#loc_weather
Received on Mon May 07 2007 - 15:59:37 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT