Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid 3.1.20 pkg 2.0.6 header issue?

    pfSense Packages
    4
    7
    2106
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alpha last edited by

      I face some difficulties to access some of the website, and finally figure out it's about the presence of proxy.

      With Squid3, the proxy detection was always positive with the Header leakage.
      With Squid2, the proxy detection was always negative, and everything works fine.
      (You may try with http://whatismyipaddress.com/proxy-check)

      I have successfully replicated the case with newly install pfsense (2.0.3-RELEASE) on three different VM. May i know if anyone face the same issue?

      Just go "google" a while, some suggest that squid3 requires special flag during compile to support the "Disable X-Forward" and 'Disable VIA" features which suppress the header.

      1 Reply Last reply Reply Quote 0
      • B
        boshaus last edited by

        hmm, i'm running the same version on 2.1beta x86 and it is not detecting my proxy server.

        1 Reply Last reply Reply Quote 0
        • A
          alpha last edited by

          @boshaus:

          hmm, i'm running the same version on 2.1beta x86 and it is not detecting my proxy server.

          Thanks, if it's the case, it's possible that the problem is fixed in the 2.1 beta version and remains not fixed for the stable version 2.0.

          1 Reply Last reply Reply Quote 0
          • A
            alpha last edited by

            Seems nobody else face the same issue?

            1 Reply Last reply Reply Quote 0
            • J
              jg3 last edited by

              I have seen the same issue.

              Running pfSense 2.1-Release, Squid package 3.1.20 pkg 2.0.6, with Transparent Proxy, Disable X-Forward, and Disable via, Suppress Squid Version all selected.  Proxy checker at http://ip.my-proxy.com/  verifies that the HTTP_X_FORWARDED_FOR header is still present, only changed from the IP of the source machine to "unknown".

              Is there a fix?

              Thanks,

              –jg3

              1 Reply Last reply Reply Quote 0
              • J
                jg3 last edited by

                Ok, I solved this, here's how:

                in the Custom Options field at the bottom of the Squid General Settings tab I put the following lines:

                
                # privacy stuff so squid is undetectable
                via off
                httpd_suppress_version_string    on
                forwarded_for delete
                

                … and saved the config.  I believe the real problem is the way the option for "Disable X-Forward" is implemented.  From what I can tell only the last line is essential (assuming you tick the "Disable Via" and "Suppress Squid Version" boxes), but these three together are how-to make Squid undetectable.

                1 Reply Last reply Reply Quote 0
                • marcelloc
                  marcelloc last edited by

                  I'll include it on squi3-dev. Thanks for the feedback.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy