Re: [squid-users] Really transparent proxy

From: omero omero <hotmadtank@dont-contact.us>
Date: Mon, 7 May 2007 16:45:30 -0700 (PDT)

Hello Nicolas,

I am glad to hear the good news.

I guess that your messages are not reaching squid
users because you are not using simple text messages.

Regards
Omero

--- Nicolas Royo <nroyo@ertach.com> wrote:

> ?
> It Worked perfectly!
>
> Testing it during whole weekend against 300 clients!
>
> Thanxs for your help! glad to be helpfull!
>
> (now struggling with ip_conntrack: table full,
> dropping packet, but thats another story)
>
>
>
>
> ________________________________
>
> De: omero omero [mailto:hotmadtank@yahoo.com]
> Enviado el: vie 04/05/2007 22:50
> Para: squid-users@squid-cache.org
> Asunto: RE: [squid-users] Really transparent proxy
>
>
>
> Hello Nicolas,
>
> For your own convenience, i have chosen to add the
> following:
>
> If you really want to make your proxy server
> anonymous. You have to know that disabling Via and
> XFF
> is not enough. To explain my point, i will introduce
> you to a header called UserAgent, this is also added
> to the HTTP request but it basicly depends on the
> client side.
>
> So, what is UserAgent? It is a string added which
> contains informaion about the browser type, browser
> version, operating system and other information.
>
> How can an ISP or an internet site detect that you
> are
> behind a proxy using UserAgent? Consider the
> following
> example:
>
> - You have two client computers A & B
> - Computer A: has Windows NT 5.1 and Internet
> explorer
> 6.0 installed on it
> - Computer B: has Windows NT 5.1 and IE 7.0
>
> If the two computers attempt to access the internet
> SIMULTANEOUSLY, the ISP can detect that requests
> with
> different browser version are being transmited.
>
> An ISP can use this method to detect child proxy
> servers.
>
> What can your proxy server do to prevent this?
> Simply
> it must modify UserAgent to one united string. How
> to
> do that in squid? Actually i am a new squid user and
> i
> did not try to find out how. And I don't have much
> time for this. I will leave it to you and other
> squid
> users.
>
> Just While I was typing this message, I received a
> response to my reply from Chris Robertson. Thank you
> Chriss.
>
> He said that even with disabling XFF, XFF will
> contain: Unknown. This will definetly allow the ISP
> to
> detect that a request is behind a proxy server. XFF
> must not be transmitted at all to prevent detection.
>
> You have to find a way to totally remove the XFF and
> Via header. Either by squid or by another proxy
> server.
>
> Another reply from Chris Robertson he said that it
> can
> solved using squid. So read it :). I will read it
> later.
>
> I am using now a proxy server namely Proxy+, it has
> an
> option Anonymous(No XFF, No Via) for HTTP requests.
> XFF and Via will not be sent at all. Again UserAgent
> string is still a problem.
>
> There is another program which gives you the ability
> to modify UserAgent. Its called Foxy.
>
> Its not recommended to modify UserAgent, because
> some
> sites use this header to send you the page code that
> best suits your browser. But if you have are looking
> for making your proxy server completley anonymous,
> you
> have to consider the UserAgent problem.
>
> Tiered of typing :)
> Good Luck
>
> Regards
> Omero
>
>
>
> --- Nicolas Royo <nroyo@ertach.com> wrote:
>
> > Thanxs Omero,
> >
> > I was passively watching closely this steps since
> im
> > working with facundo on implementing a squid-wccp
> on
> > a small ISP on our country.
> >
> > Greetings for the answer, ill be trying them and
> > leting you know if it worked!
> >
> >
> >
> > ________________________________
> >
> > De: omero omero [mailto:hotmadtank@yahoo.com]
> > Enviado el: vie 04/05/2007 20:52
> > Para: squid-users@squid-cache.org
> > Asunto: Re: [squid-users] Really transparent proxy
> >
> >
> >
> > Hello Facundo,
> >
> > I read you message and the replies. I think that
> the
> > replies did not solve your problem. I did not open
> > the
> > links provided, but i read the conclusion which is
> > to
> > deny Via and X-Forwarded-For (XFF). You do not
> need
> > to
> > deny anything. Actually, you need to disable the
> > transmission of Via and XFF. There is a big
> > difference
> > between [denying Via and XFF] and [disabling
> > transmission of Via and XFF]. Denying Via and XFF
> is
> > to deny HTTP requests that comes from a client
> which
> > has a proxy server installed on it (with Via and
> XFF
> > bieng enbaled on that proxy server). You want to
> > prevent internet servers from detecting that your
> > are
> > behind a proxy, therefore you need to disable
> > transmission of Via and XFF.
> >
> > To do that, add the following 2 lines to your
> squid
> > conf file and don't forget to restart the service
> > after you save the file:
> >
> > forwarded_for off
> > via off
> >
> >
> > BUT WAIT, you said that at your server, you did
> not
> > set any proxy and the site you enter is detecting
> > that
> > you are behind a proxy. Actually, this is not
> > related
> > to the squid proxy server installed on your
> server.
> > You get internet from an ISP, and this ISP has a
> > proxy
> > server on it. Right? Sure. The proxy server of
> your
> > ISP will add the Via and XFF. You can't do
> anything
> > about it from your side. You might want to use
> > ANONYMOUS proxy servers that can serve your
> purpose
> > by
> > modifying requests after they are in no more
> > controlled by your ISP. Requests go likes this:
> You
> > --> Your ISP --> Anonymous Proxy server --> Target
> > Site.
> >
> > Regards.
> >
> >
> >
> > --- Adrian Chadd <adrian@creative.net.au> wrote:
> >
> > > On Thu, May 03, 2007, Chris Robertson wrote:
> > > > Facundo Vilarnovo wrote:
> > > > >Hello squid users!
> > > > > I don't know if there's any post about
> this,
> > > but, maybe not...
> > > > >anyone knows if there's any way for making
> > > transparent the squid for
> > > > >those pages that tells you what its your ip?,
> > for
> > > example, right now I
> > > > >am behind my transparent squid with wccp, and
> > if
> > > I go to any site like
> > > > >http://www.adsl4ever.com/ip/ it tells my ip
> > > address, and also tells me,
> > > > >that I am behind a proxy. Like I say before I
> > > don't have any explicit
> > > > >configuration on my browser that points to
> the
> > > squid.
> > > > >
> > > > >PS: I'd also try another pages like this..
> > > happens the same!
> > > > >
> > > > >
> > > > >Regards
> > > > >Facundo
> > > > >
> > > >
> > > >
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0013.html
> > > and
> > > > the response at
> > > >
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0014.html
> > > >
> > > > In short:
> > > >
> > > > header_access Via deny all
> > > > header_access X-Forwarded-For deny all
> > >
> > > And check "TPROXY" and Squid-2.6. Its supported
> in
> > > squid-3, but some features
> > > have yet to be ported.
> > >
> > >
> > >
> > >
> > > Adrian
> > >
> > >
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > 8:00? 8:25? 8:40? Find a flick in no time
> > with the Yahoo! Search movie showtime shortcut.
> > http://tools.search.yahoo.com/shortcuts/#news
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com <http://mail.yahoo.com/>
>
>
>

 
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
Received on Mon May 07 2007 - 17:45:37 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT