Re: [squid-users] Whatismyip response behind squid from Amos Jeffries on 2011-08-18 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Aug 2011 21:18:13 +1200

On 18/08/11 18:35, a bv wrote:
> Hi,
>
> I have several squid boxes running. There is one which when i set it
> on the proxy configuration on my client PCs browser then open
> www.whatismyip.com , It not only bring its real NAT IP , but also

"real NAT IP". So you have a fake NAT IP?

Unplug your phone then try to make a phone call. Works yes?

Call a friend then tell them to call you back at a number you make up in
your head during the phone call. Works yes?

Your IP is your contact point _for that one transaction_. There is no
guarantee the next transaction will use the same one. Unless your ISP
are selling you a static IP.

> below information too. What makes the site gets these information and
> how can prevent or change this banner?
>

They have that information because:
  -> You visited them and your browser tried to hand your PCs
information over.
  -> Squid erased pieces of that and replaced it with Squids information.
  -> Your NAT box erased pieces of Squids information and handed its own
over instead.

So what they see is a visit from <your browser> on machine <squid host
(squid)> at <NAT box public IP>.

Its not exactly rocket science to detect that a machine calling itself
squid is *possibly* a proxy.

You can doctor the config and make Squid show your "real" internal IPs
and information. You want that?

Or would you rather this composite external "view" of you be visible?

>
> Regards
>
> What Is My IP Address - WhatIsMyIP.com
> Your IP Address Is: x.y.z.t
> Possible Proxy Detected: 1.0 myproxyhostname.mydomain.com :8080
> (squid/2.6.STABLE6)

You can suppress the particular squid version details with:

httpd_suppress_version_string on

Most people trying to be anonymous also turn off the "via" directive.
This only hides the proxy HTTP/1.0 version details. So can screw up
websites which rely on it to disable certain HTTP/1.1-only features. Up
to you.

Nothing can hide the NAT details. They are your public IP address used
at the packet level to receive the webpage.

IP address in the 192.168.* or 10.* "private" ranges are shared by so
many people there is nothing unique about them. As anonymous as you can
get. Similar to everyone naming themselves by only the first two letters
of their surname. How many millions of people have the same two letters?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10

Received on Thu Aug 18 2011 - 09:18:26 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 18 2011 - 12:00:04 MDT