Re: [squid-users] how to NOT ALLOW to forward proxy

From: Henrik Nordstrom <[email protected]>
Date: Wed, 20 Apr 2005 01:12:20 +0200 (CEST)

On Tue, 19 Apr 2005, Funieru Bogdan wrote:

> hello guys,
> i have a rather BIG problem,i want to know if there
> is,and if there is what it is,to not allow others to
> forward the proxy to other computers.

I think you are asking if there is means to stop people from running
child proxies inside your network.

Not easily. Some of these make a pretty good job of not revealing
themselves in the requests. However if the proxy follows the RFC you
should be able to look for a Via:, X-Forwarded-For: or other proxy
generated request header line. But not all proxies adds these request
headers.

Authentication can also be relatively efficient in fighting this, but you
should be aware there is proxies which allow the authentication
credentials to be statically configured to defeat this..

The final option is to run statistics, and look closely at the traffic
from suspected users (preferably with the User-Agent header preserved) to
judge if this traffic is reasonably from one person or if there is many
persons behind this IP.

Regards
Henrik
Received on Tue Apr 19 2005 - 17:12:21 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT