Squid not working?



  • Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5
    Accept-Language: en-us
    Connection: keep-alive
    Host: www.grc.com
    Referer: http://www.grc.com/x/ne.dll?rh1dkyd2
    User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5_8; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19
    Cookie: pcss=dn5na3n1i2acw; pico=y4n22uspssptx; ppag=dn5na3n1i2acw; tcss=dn5na3n1i2acw; tico=y4n22uspssptx; tpag=dn5na3n1i2acw
    Content-Length: 31
    Content-Type: application/x-www-form-urlencoded
    Origin: http://www.grc.com
    FirstParty: https://www.grc.com
    ThirdParty: https://www.grctech.com
    Secure: https://www.grc.com
    Nonsecure: http://www.grc.com
    Session: oku0njgolnnyo

    I thought I had Squid up and running but my browser's requests continue to display information I want removed. See above for my output from GRC's browser request page (https://www.grc.com/x/ne.dll?rh1dkyd2). Note that I've checked "Disable X-Forward" and "Disable VIA" under Squid's general settings and have these "custom options":

    never_direct allow all;cache_peer 127.0.0.1 parent 8080 0 name=havp no-query no-digest no-netdb-exchange default;header_replace User-Agent SecretBrowser/5.0 (iPhone; U; Commodore64; en);header_replace Referer unknown;redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3;header_access X-Forwarded-For deny all

    What's wrong?



  • Be aware that hiding or changing the Referer header may result in many web sites appearing broken.

    What version of pfSense and Squid do you have installed.  You have configured your browser to use the proxy?  Your problem may be because you've got ';' characters in the User-Agent string - something the web interface uses as a delimiter.  Try removing or escaping them.



  • @Cry:

    Be aware that hiding or changing the Referer header may result in many web sites appearing broken.

    What version of pfSense and Squid do you have installed.  You have configured your browser to use the proxy?  Your problem may be because you've got ';' characters in the User-Agent string - something the web interface uses as a delimiter.  Try removing or escaping them.

    Thank you for your response.

    I'm using Squid v. 2.6.21_10 with SquidGuard 1.3-2.

    And you're right about the delimiters. I actually found that particular text from Novell's site (http://www.novell.com/communities/node/3331/squid-proxy-anonymous-browsing) and questioned why the author would use semicolons. I'm hardly a computer expert, however, so figured it was OK. I've since removed the semicolons but haven't seen any changes.

    And what proxy address do I use in the browser? Don't I just use my pfSense (a.k.a., the router) address as Squid, the proxy, is running from there?



  • Did you restart Squid after the changes?

    Yes, you use the relevant IP address of your pfSense host as the proxy address.



  • @Cry:

    Did you restart Squid after the changes?

    Yes, you use the relevant IP address of your pfSense host as the proxy address.

    By relevant IP you mean the LAN address or the WAN address? Sorry…I'm new to all of this and I'm unable to get this working.



  • The address of the interface you're connected to, which will probably be the LAN interface.



  • @Cry:

    The address of the interface you're connected to, which will probably be the LAN interface.

    Which brings up another question: When do you run Squid on the WAN interface and when do run Squid on the LAN interface? When on both?

    Ugh…there's so much to learn...



  • You run it on the interface(s) you want people to connect to it from.  If everybody who uses it is on the LAN (or behind the LAN) you run it on the LAN interface.  If people connect to it from the WAN then you would have it listen on the WAN interface (and ensure that you've secured it and locked it down to authenticated users only).



  • Thanks, Cry Havok, for your help. I did, indeed, have it set to the LAN side but it's still not filtering out browser/OS information. I truly wish there were comprehensive "beginner" guides to Squid, SquidGuard, and HAVP. I've picked up bit and pieces of information playing around with various settings in those packages but the "big picture" is completely muddied. If someone has basic settings that work for those three packages running concurrently, I'd appreciate sending them my way. Once I get these going, I'll be able to work backwards to gain an understanding of how Part "A" goes with Part "B," figuratively speaking.



  • SquidGuard is effectively a plug-in for Squid.  HAVP is another proxy, like Squid.  This means that HAVP and Squid run in series.  All have documentation on their respective web sites (though Squid's documentation is the most mature).

    I'd strongly recommend that you start with just Squid.  Get that working the way you want it to and then add SquidGuard.  Get Squid+SquidGuard working the way you want it to and then add HAVP.


Log in to reply