Chris, Thanx for your quick answer. We´ve also tried that, now that you mencion it, we are still trying a few combinations of the following lines. header_access Via deny all / none header_access X-Forwarded-For deny all / none via off / on / deny forwarder_for off / on / deny The best result we´ve got is that is not detecting the proxy server..........but it is still going out with proxy ips. Some conclusion left we are studying are: -Our squid has only one nic, not two like lots of examples here. (eth0 + gre0) -We are using REDIRECT in iptables instead of nat........has anything to do with that? -We are trying transparently (not setting proxy con IE) and forcing it.......results are the same i guess?
-----Mensaje original----- De: Chris Robertson [mailto:[EMAIL PROTECTED] Enviado el: Miércoles, 16 de Mayo de 2007 05:36 p.m. Para: [email protected] Asunto: Re: [squid-users] Really transparent proxy Facundo Vilarnovo wrote: > Zul, > What variables are you referring to? We test setting up the proxy ip on > the IE. > Pointing to port 3128 using http://www.whatsmyipaddress.com, as a result it > says it passes the original source ip address (client's ip), but detects a > proxy server. Doing totally "transparent" with wccp, nothing configured on > IE, we get the same results. > The point is we are still getting the proxy detected. Using variables like > via and XFF, the result of using the XFF and via is that passes the client ip > address or don't. While the above is correct... > it's seems to have nothing to do with the problem of the cache being visible > or don't. > ...this is not. > Via off XFF off = clients source ip it's shown, proxy detected. > Makes sense. You are still transmitting a X-Forwarded-For header. Just not populating it with data. > Via on XFF on = clients source ip it's not shown (shows proxy ip), proxy not > detected. > This is a bit of a mystery. Perhaps the script is being tricked by having a valid XFF and VIA header which don't agree with the client source address. > Tnxs! > Facundo Vilarnovo > In any case, setting the tag "forwarded_for" to "off" in the squid.conf file does not prevent its addition by Squid (see http://www.squid-cache.org/Versions/v2/HEAD/cfgman/forwarded_for.html). Setting "via off" only prevents the instance of Squid where it is set from adding its own Via header. Try using... header_access Via deny all header_access X-Forwarded-For deny all ...and accessing whatsmyipaddress.com. You might have better luck. Chris
