[squid-users] Client IP spoofing via squid proxy
Amos Jeffries
squid3 at treenet.co.nz
Tue May 5 15:00:04 UTC 2015
On 6/05/2015 2:25 a.m., Ambadas Hibare wrote:
> Hi,
>
> I trying to spoof client IP via squid proxy by following squid's
> TPROXY4 wiki page: http://wiki.squid-cache.org/Features/Tproxy4
>
> But I want to know whether squid can spoof client IP when we send
> proxy format HTTP request from Mozilla (ie configuring proxy & port
> in mozilla). Can squid proxy behave transparently towards only the
> web server & not the client?
No. It can be both ways, or just towards the client.
>
> I've tried sending proxy format HTTP request from client to squid box
> (on 3129 tproxy port), but I am getting Header forgery error Also
> its trying to connect to itself instead of web server. I am trying to
> understand why squid is trying to match host header's DNS with the
> destination IP instead of connecting to host header's DNS (like
> normal proxy behaviour on port 3128).
>
To prevent CVE-2009-0801 happening.
You must not send regular forward-proxy traffic to a tproxy or intercept
port. Forwarding loops are guaranteed if you do.
Amos
More information about the squid-users
mailing list