Re: [squid-users] Really transparent proxy

From: omero omero <hotmadtank@dont-contact.us>
Date: Fri, 4 May 2007 20:09:56 -0700 (PDT)

I did not recieve back my reply from squid site as
usually happens. I did not find it in the bulk or my
inbox.

Nicolas, a friend of Facundo, replied to me directly.
I have chosen to update my post.

I want to make sure that the following message was
recieved by squid users:

Hello Nicolas,

For your own convenience, i have chosen to add the
following:

If you really want to make your proxy server
anonymous. You have to know that disabling Via and XFF
is not enough. To explain my point, i will introduce
you to a header called UserAgent, this is also added
to the HTTP request but it basicly depends on the
client side.

So, what is UserAgent? It is a string added which
contains informaion about the browser type, browser
version, operating system and other information.

How can an ISP or an internet site detect that you are
behind a proxy using UserAgent? Consider the following
example:

- You have two client computers A & B
- Computer A: has Windows NT 5.1 and Internet explorer
6.0 installed on it
- Computer B: has Windows NT 5.1 and IE 7.0

If the two computers attempt to access the internet
SIMULTANEOUSLY, the ISP can detect that requests with
different browser version are being transmited.

An ISP can use this method to detect child proxy
servers.

What can your proxy server do to prevent this? Simply
it must modify UserAgent to one united string. How to
do that in squid? Actually i am a new squid user and i
did not try to find out how. And I don't have much
time for this. I will leave it to you and other squid
users.

Just While I was typing this message, I received a
response to my reply from Chris Robertson. Thank you
Chriss.

He said that even with disabling XFF, XFF will
contain: Unknown. This will definetly allow the ISP to
detect that a request is behind a proxy server. XFF
must not be transmitted at all to prevent detection.

You have to find a way to totally remove the XFF and
Via header. Either by squid or by another proxy
server.

Another reply from Chris Robertson he said that it can
solved using squid. So read it :). I will read it
later.

I am using now a proxy server namely Proxy+, it has an
option Anonymous(No XFF, No Via) for HTTP requests.
XFF and Via will not be sent at all. Again UserAgent
string is still a problem.

There is another program which gives you the ability
to modify UserAgent. Its called Foxy.

Its not recommended to modify UserAgent, because some
sites use this header to send you the page code that
best suits your browser. But if you are looking for
making your proxy server completley anonymous, you
have to consider the UserAgent problem.

Tiered of typing :)
Good Luck

Regards
Omero

--- Chris Robertson <crobertson@gci.net> wrote:

> omero omero wrote:
> > Hello Facundo,
> >
>
> SNIP
>
> > You want to
> > prevent internet servers from detecting that your
> are
> > behind a proxy, therefore you need to disable
> > transmission of Via and XFF.
> >
> > To do that, add the following 2 lines to your
> squid
> > conf file and don't forget to restart the service
> > after you save the file:
> >
> > forwarded_for off
> > via off
> >
>
> One last detail. Setting "forwarded_for off"
> doesn't disable the
> transmission of the X-Forwarded-For header. It just
> removes detail from what it normally transmits. To
> wit:
>
> # TAG: forwarded_for on|off
> # If set, Squid will include your system's IP
> address or name
> # in the HTTP requests it forwards. By
> default it looks like
> # this:
> #
> # X-Forwarded-For: 192.1.2.3
> #
> # If you disable this, it will appear as
> #
> # X-Forwarded-For: unknown
> #
>
> Chris
>

 
____________________________________________________________________________________
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
http://mobile.yahoo.com/mail
Received on Fri May 04 2007 - 21:10:04 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT