Re: [squid-users] how to NOT ALLOW to forward proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 May 2005 23:45:54 +0200 (CEST)

On Wed, 20 Apr 2005, Funieru Bogdan wrote:

>> themselves in the requests. However if the proxy follows the RFC you
>> should be able to look for a Via:, X-Forwarded-For: or other proxy
>> generated request header line. But not all proxies add these request
>> headers.
>>
>
> how can I do this?? Where can I find some info, and
> how does it work?

See the req_header acl in squid-2.5.STABLE9 (appeared first in
2.5.STABLE8, but broken there..)

> this is rather hard because I have a lot of users and
> to pass around the pass for each individual would be
> a really messy job

No one said it would be easy. But it is quite likely easier than trying to
identify all those kinds of proxies, many of which leave no traces other
than that you get requests from many different users from the same IP.

>> The final option is to run statistics, and look closely at the traffic
>> from suspected users (preferably with the User-Agent header preserved) to
>> judge if this traffic is reasonably from one person or if there are many
>> persons behind this IP.
>>
>
> this could work but what if there are users that just
> happen to download a demo in a day a demo of 400 mb...
> so this won't work as well

I didn't say you should base this on amount of data transferred. Not very
relevant.

More relevant is if you see several different User-Agent headers in the
same time period from the same IP, indicating that several different
browser or OS versions/models are in use... or that you see concurrent
traffic for very many different web sites in a pattern not realistic for a
single human.

Regards
Henrik
Received on Sun May 01 2005 - 15:45:57 MDT
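
The statistics approach described in the message above, as an added example that is not part of the original post or of Squid: it buckets requests per client IP into time windows and flags windows with several distinct User-Agent headers or unusually many destination hosts. The tab-separated log format, the sample records and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic). Assumed format, one request
# per line: epoch_seconds <TAB> client_ip <TAB> destination_host <TAB> User-Agent
SAMPLE_LOG = """\
1114983900\t10.0.0.5\twww.example.com\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
1114983960\t10.0.0.5\twww.example.org\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
1114983905\t10.0.0.9\twww.example.com\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
1114983910\t10.0.0.9\tmail.example.net\tMozilla/5.0 (X11; U; Linux i686; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
1114983925\t10.0.0.9\tnews.example.org\tOpera/8.0 (Windows NT 5.1; U; en)
1114984000\t10.0.0.9\twww.example.org\tMozilla/5.0 (X11; U; Linux i686; rv:1.7.6) Gecko/20050317 Firefox/1.0.2
1114984300\t10.0.0.9\twww.example.com\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
this line is malformed and must be skipped
"""

WINDOW = 300      # seconds per time bucket (assumed value)
MAX_AGENTS = 2    # distinct User-Agents tolerated per IP per window (assumed)
MAX_HOSTS = 5     # distinct destination hosts tolerated per window (assumed)


def parse(lines):
    """Yield (timestamp, client_ip, host, user_agent), skipping malformed lines."""
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, ip, host, agent = parts
        yield int(ts), ip, host.lower(), agent.strip()


def suspected_shared_ips(lines, window=WINDOW, max_agents=MAX_AGENTS,
                         max_hosts=MAX_HOSTS):
    """Return {client_ip: [(window_start, n_agents, n_hosts), ...]} for every
    window in which one IP exceeded either threshold."""
    agents, hosts = defaultdict(set), defaultdict(set)
    for ts, ip, host, agent in parse(lines):
        key = (ip, ts // window)
        hosts[key].add(host)
        if agent and agent != "-":      # ignore requests with no User-Agent
            agents[key].add(agent)
    findings = defaultdict(list)
    for ip, bucket in sorted(hosts):
        n_agents = len(agents.get((ip, bucket), ()))
        n_hosts = len(hosts[(ip, bucket)])
        if n_agents > max_agents or n_hosts > max_hosts:
            findings[ip].append((bucket * window, n_agents, n_hosts))
    return dict(findings)


if __name__ == "__main__":
    for ip, hits in suspected_shared_ips(SAMPLE_LOG.splitlines()).items():
        print(ip, hits)
```

Transfer volume is deliberately not an input, so a single user fetching one large download is not flagged.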
