Facundo Vilarnovo wrote:
> Chris,
>
> Thanx for your quick answer.
>
You are welcome, but please don't top-post . It makes referencing
messages in the archive much more difficult by ruining the flow of a
conversation.
> We´ve also tried that, now that you mencion it, we are still trying a few combinations of the following lines.
>
> header_access Via deny all / none
> header_access X-Forwarded-For deny all / none
> via off / on / deny
> forwarder_for off / on / deny
>
Defining "header_access Via deny all" will prevent your Squid from
passing ANY Via headers. Also specifying "via on" (or "via off") is
superfluous. Same thing for "header_access X-Forwarded-For deny all".
Be sure you have not changed the definition of the "all" ACL. An
earlier post shows it intact.
>
> The best result we´ve got is that is not detecting the proxy server..........but it is still going out with proxy ips.
>
I maintain, that is an odd result.
>
> Some conclusion left we are studying are:
>
> -Our squid has only one nic, not two like lots of examples here. (eth0 + gre0)
>
If I'm not mistaken, gre0 is a virtual interface, not a physical one.
> -We are using REDIRECT in iptables instead of nat........has anything to do with that?
>
It might. Set the header_access denies I suggested, surf to
http://devel.squid-cache.org/cgi-bin/test with a proxied client and post
the first three lines of the results (source address, via, and forwarded
from).
> -We are trying transparently (not setting proxy con IE) and forcing it.......results are the same i guess?
>
This shouldn't make a difference in how a website perceives the
traffic. Just in how the browser requests it.
Chris
Received on Wed May 16 2007 - 16:45:40 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT