Re: [squid-users] Really transparent proxy

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 16 May 2007 12:35:33 -0800

Facundo Vilarnovo wrote:
> Zul,
> What variables are you referring to? We test setting up the proxy ip on the IE.
> Pointing to port 3128 using http://www.whatsmyipaddress.com, as a result it says it passes the original source ip address (client's ip), but detects a proxy server. Doing totally "transparent" with wccp, nothing configured on IE, we get the same results.
> The point is we are still getting the proxy detected. Using variables like via and XFF, the result of using the XFF and via is that passes the client ip address or don't.

While the above is correct...

> it's seems to have nothing to do with the problem of the cache being visible or don't.
>

...this is not.

> Via off XFF off = clients source ip it's shown, proxy detected.
>

Makes sense. You are still transmitting a X-Forwarded-For header. Just
not populating it with data.

> Via on XFF on = clients source ip it's not shown (shows proxy ip), proxy not detected.
>

This is a bit of a mystery. Perhaps the script is being tricked by
having a valid XFF and VIA header which don't agree with the client
source address.

> Tnxs!
> Facundo Vilarnovo
>

In any case, setting the tag "forwarded_for" to "off" in the squid.conf
file does not prevent its addition by Squid (see
http://www.squid-cache.org/Versions/v2/HEAD/cfgman/forwarded_for.html).
Setting "via off" only prevents the instance of Squid where it is set
from adding its own Via header. Try using...

header_access Via deny all
header_access X-Forwarded-For deny all

...and accessing whatsmyipaddress.com. You might have better luck.

Chris
Received on Wed May 16 2007 - 14:35:40 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT