代理服务 squid 隐藏真实ip

最新推荐文章于 2024-04-04 09:42:25 发布

盘古开智

最新推荐文章于 2024-04-04 09:42:25 发布

阅读量5.5k

点赞数 3

分类专栏： openwrt

openwrt 专栏收录该内容

4 篇文章

订阅专栏

本文介绍如何通过配置Squid代理服务器来隐藏客户端的真实IP地址，包括修改配置文件的具体指令及重启服务的方法。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

修改/etc/squid/squid.config 文件增加如下两行;

# Hide client ip #
forwarded_for delete
 
# Turn off via header #
via off
 
# Deny request for original source of a request
follow_x_forwarded_for deny all
 
# See below 
request_header_access X-Forwarded-For deny all

Squid Proxy Hide System’s Real IP Address

February 19, 2009 in Linux, Networking, Security, Squid, Troubleshooting, UNIX last updated January 17, 2016

My squid proxy server is displaying system’s real IP address. I’ve a corporate password protected squid proxy server located at 202.54.1.2. My clients work from home or offices via A/DSL / cable connections. Squid should hide all system’s IP address, but it is forwarding and displaying the system’s IP address. How do I configure squid to hide client’s real IP address?

Squid proxy server has a directive called forwarded_for. If set, Squid will include your system’s IP address or a name of the HTTP requests it forwards. By default it looks like
this:
X-Forwarded-For: 191.1.2.5
If you disable this (set to “ off“), it will appear as
X-Forwarded-For: unknown
If set to “ transparent“, Squid will not alter the X-Forwarded-For header in any way. If set to “ delete“, Squid will delete the entire X-Forwarded-For header. If set to “ truncate“, Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry Configuration

Open squid.conf file:
# vi squid.conf
Or (for squid version 3)
# vi /etc/squid3/squid.conf
Set forwarded_for to off:
forwarded_for off
OR set it to delete:
forwarded_for delete
Save and close the file.

Reload squid server

You need to restart the squid server, enter:
# /etc/init.d/squid restart
OR
# squid -k reconfigure
For squid version 3, run:
# squid3 -k reconfigure
Here are my options:

# Hide client ip #
forwarded_for delete
 
# Turn off via header #
via off
 
# Deny request for original source of a request
follow_x_forwarded_for deny all
 
# See below 
request_header_access X-Forwarded-For deny all

Say hello to request_header_access

By default, all headers are allowed (no anonymizing is performed for privacy). You can anonymize outgoing HTTP headers (i.e. headers sent by Squid to the following HTTP hop such as a cache peer or an origin server) to create the standard or paranoid experience. The following option are only tested on squid server version 3.x:

Squid standard anonymizer privacy experience

Set the following options in squid3.conf:

 request_header_access From deny all
 request_header_access Referer deny all
 request_header_access User-Agent deny all

Save and close the file. Do not forget to restart the squid3 as described above.

Squid standard privacy experience

Set the following options in squid3.conf:

  request_header_access Authorization allow all
  request_header_access Proxy-Authorization allow all
  request_header_access Cache-Control allow all
  request_header_access Content-Length allow all
  request_header_access Content-Type allow all
  request_header_access Date allow all
  request_header_access Host allow all
  request_header_access If-Modified-Since allow all
  request_header_access Pragma allow all
  request_header_access Accept allow all
  request_header_access Accept-Charset allow all
  request_header_access Accept-Encoding allow all
  request_header_access Accept-Language allow all
  request_header_access Connection allow all
  request_header_access All deny all

Save and close the file. Do not forget to restart the squid3 as described above.