RE: [squid-users] Really transparent proxy

Hello Nicolas,

For your own convenience, i have chosen to add the
following:

If you really want to make your proxy server
anonymous. You have to know that disabling Via and XFF
is not enough. To explain my point, i will introduce
you to a header called UserAgent, this is also added
to the HTTP request but it basicly depends on the
client side.

So, what is UserAgent? It is a string added which
contains informaion about the browser type, browser
version, operating system and other information.

How can an ISP or an internet site detect that you are
behind a proxy using UserAgent? Consider the following
example:

- You have two client computers A & B
- Computer A: has Windows NT 5.1 and Internet explorer
6.0 installed on it
- Computer B: has Windows NT 5.1 and IE 7.0

If the two computers attempt to access the internet
SIMULTANEOUSLY, the ISP can detect that requests with
different browser version are being transmited.

An ISP can use this method to detect child proxy
servers.

What can your proxy server do to prevent this? Simply
it must modify UserAgent to one united string. How to
do that in squid? Actually i am a new squid user and i
did not try to find out how. And I don't have much
time for this. I will leave it to you and other squid
users.

Just While I was typing this message, I received a
response to my reply from Chris Robertson. Thank you
Chriss.

He said that even with disabling XFF, XFF will
contain: Unknown. This will definetly allow the ISP to
detect that a request is behind a proxy server. XFF
must not be transmitted at all to prevent detection.

You have to find a way to totally remove the XFF and
Via header. Either by squid or by another proxy
server.

Another reply from Chris Robertson he said that it can
solved using squid. So read it :). I will read it
later.

I am using now a proxy server namely Proxy+, it has an
option Anonymous(No XFF, No Via) for HTTP requests.
XFF and Via will not be sent at all. Again UserAgent
string is still a problem.

There is another program which gives you the ability
to modify UserAgent. Its called Foxy.

Its not recommended to modify UserAgent, because some
sites use this header to send you the page code that
best suits your browser. But if you have are looking
for making your proxy server completley anonymous, you
have to consider the UserAgent problem.

Tiered of typing :)
Good Luck

Regards
Omero

--- Nicolas Royo <nroyo@ertach.com> wrote:

> Thanxs Omero,
>
> I was passively watching closely this steps since im
> working with facundo on implementing a squid-wccp on
> a small ISP on our country.
>
> Greetings for the answer, ill be trying them and
> leting you know if it worked!
>
>
>
> ________________________________
>
> De: omero omero [mailto:hotmadtank@yahoo.com]
> Enviado el: vie 04/05/2007 20:52
> Para: squid-users@squid-cache.org
> Asunto: Re: [squid-users] Really transparent proxy
>
>
>
> Hello Facundo,
>
> I read you message and the replies. I think that the
> replies did not solve your problem. I did not open
> the
> links provided, but i read the conclusion which is
> to
> deny Via and X-Forwarded-For (XFF). You do not need
> to
> deny anything. Actually, you need to disable the
> transmission of Via and XFF. There is a big
> difference
> between [denying Via and XFF] and [disabling
> transmission of Via and XFF]. Denying Via and XFF is
> to deny HTTP requests that comes from a client which
> has a proxy server installed on it (with Via and XFF
> bieng enbaled on that proxy server). You want to
> prevent internet servers from detecting that your
> are
> behind a proxy, therefore you need to disable
> transmission of Via and XFF.
>
> To do that, add the following 2 lines to your squid
> conf file and don't forget to restart the service
> after you save the file:
>
> forwarded_for off
> via off
>
>
> BUT WAIT, you said that at your server, you did not
> set any proxy and the site you enter is detecting
> that
> you are behind a proxy. Actually, this is not
> related
> to the squid proxy server installed on your server.
> You get internet from an ISP, and this ISP has a
> proxy
> server on it. Right? Sure. The proxy server of your
> ISP will add the Via and XFF. You can't do anything
> about it from your side. You might want to use
> ANONYMOUS proxy servers that can serve your purpose
> by
> modifying requests after they are in no more
> controlled by your ISP. Requests go likes this: You
> --> Your ISP --> Anonymous Proxy server --> Target
> Site.
>
> Regards.
>
>
>
> --- Adrian Chadd <adrian@creative.net.au> wrote:
>
> > On Thu, May 03, 2007, Chris Robertson wrote:
> > > Facundo Vilarnovo wrote:
> > > >Hello squid users!
> > > > I don't know if there's any post about this,
> > but, maybe not...
> > > >anyone knows if there's any way for making
> > transparent the squid for
> > > >those pages that tells you what its your ip?,
> for
> > example, right now I
> > > >am behind my transparent squid with wccp, and
> if
> > I go to any site like
> > > >http://www.adsl4ever.com/ip/ it tells my ip
> > address, and also tells me,
> > > >that I am behind a proxy. Like I say before I
> > don't have any explicit
> > > >configuration on my browser that points to the
> > squid.
> > > >
> > > >PS: I'd also try another pages like this..
> > happens the same!
> > > >
> > > >
> > > >Regards
> > > >Facundo
> > > >
> > >
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0013.html
> > and
> > > the response at
> > >
> >
>
http://www.squid-cache.org/mail-archive/squid-users/200604/0014.html
> > >
> > > In short:
> > >
> > > header_access Via deny all
> > > header_access X-Forwarded-For deny all
> >
> > And check "TPROXY" and Squid-2.6. Its supported in
> > squid-3, but some features
> > have yet to be ported.
> >
> >
> >
> >
> > Adrian
> >
> >
>
>
>
>
>
____________________________________________________________________________________
> 8:00? 8:25? 8:40? Find a flick in no time
> with the Yahoo! Search movie showtime shortcut.
> http://tools.search.yahoo.com/shortcuts/#news
>
>
>

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Fri May 04 2007 - 19:50:21 MDT