[squid-users] anonymous squid setup on digital ocean centos 6 but my IP still detected

Alex Muir alex at tech.jahtoe.com
Mon Mar 6 18:13:04 UTC 2017


Eliezer
Thanks for your good advice.

Regards
Alex
tech.jahtoe.com
bafila.jahtoe.com

On 6 Mar 2017 17:30, "Eliezer Croitoru" <eliezer at ngtech.co.il> wrote:

> Hey Alex,
>
> First goes first: If you spin any version of CentOS these days I recommend
> to use CentOS 7 and not 6.
> This is also based on many use cases which proved (to me and many others)
> that the kernel and many other components improved performance.
> If you already spun up a server to mask your IP I believe that the more
> "perfected" way to do so is using a VPN.
> Specifically OpenVPN and a CentOS 7 with pritunl on it as the management
> web interface for OpenVPN.
> The instructions on how to install it are at:
> https://docs.pritunl.com/docs/installation
>
> The client can be found at:
> https://openvpn.net/index.php/open-source/downloads.html
>
> And it would mask your IP address for all of your connections from the
> machine you are working on.
> Notice that some that the reason your IP is not masked is since there are
> scripts which can run on html5 and can bypass the proxy settings.
>
> Let me know if you need more help.
>
> Eliezer
>
> ----
> http://ngtech.co.il/lmgtfy/
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Alex Muir
> Sent: Monday, March 6, 2017 1:31 PM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] anonymous squid setup on digital ocean centos 6 but
> my IP still detected
>
>
>
> Greetings,
>
> I have implemented the following
> https://www.digitalocean.com/community/tutorials/how-to-install-squid-proxy-on-centos-6
> from digital ocean which sets up squid with settings to not have my IP address forwarded.
> I'm finding however that my local IP is still detected when I google what
> my local ip address is.  I've configured firefox browser to use the proxy
> and have confirmed that it is using the proxy. Additionally https goes
> through the proxy however http is blocked. I'd like to ensure that http is
> not blocked.
> What changes do I need to make to get this working as desired?
> Here is the squid config setup:
> [root@CENTOSMASTER ~]# cat /etc/squid/squid.conf
> #
> # Recommended minimum configuration:
> #
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7       # RFC 4193 local private network range
> acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80      # http
> acl Safe_ports port 21      # ftp
> acl Safe_ports port 443     # https
> acl Safe_ports port 70      # gopher
> acl Safe_ports port 210     # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280     # http-mgmt
> acl Safe_ports port 488     # gss-http
> acl Safe_ports port 591     # filemaker
> acl Safe_ports port 777     # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
>
> # Deny requests to certain unsafe ports
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> #http_access deny CONNECT !SSL_ports
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> http_port 3128
>
> # Uncomment and adjust the following to add a disk cache directory.
> #cache_dir ufs /var/spool/squid 100 16 256
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:       1440    20% 10080
> refresh_pattern ^gopher:    1440    0%  1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
> refresh_pattern .       0   20%
>
> via off
> forwarded_for off
>
> request_header_access Allow allow all
> request_header_access Authorization allow all
> request_header_access WWW-Authenticate allow all
> request_header_access Proxy-Authorization allow all
> request_header_access Proxy-Authenticate allow all
> request_header_access Cache-Control allow all
> request_header_access Content-Encoding allow all
> request_header_access Content-Length allow all
> request_header_access Content-Type allow all
> request_header_access Date allow all
> request_header_access Expires allow all
> request_header_access Host allow all
> request_header_access If-Modified-Since allow all
> request_header_access Last-Modified allow all
> request_header_access Location allow all
> request_header_access Pragma allow all
> request_header_access Accept allow all
> request_header_access Accept-Charset allow all
> request_header_access Accept-Encoding allow all
> request_header_access Accept-Language allow all
> request_header_access Content-Language allow all
> request_header_access Mime-Version allow all
> request_header_access Retry-After allow all
> request_header_access Title allow all
> request_header_access Connection allow all
> request_header_access Proxy-Connection allow all
> request_header_access User-Agent allow all
> request_header_access Cookie allow all
> request_header_access All deny all
>
> I've posted the question on stackoverflow
>
> http://serverfault.com/questions/836385/anonymous-squid-setup-on-digital-ocean-centos-6-but-my-ip-still-detected
>
> Regards
> Alex Muir
> Chief Data Engineer/Architect
> Jahtoe Technology
> http://tech.jahtoe.com
>
>