1

I have set up a Squid proxy on a CentOS server, where I set forwarded_for to delete and denied request headers in the /etc/squid/squid.conf file. However, whilst connected to the proxy, if I visit http://ip-check.net/detect-proxy.php it still detects that I'm using a proxy. How can I configure Squid to hide the fact that I'm using a proxy?

schroeder
Oussama
  • The relevant detail here is how that service detects proxies. Do you know that detail? – schroeder Dec 13 '20 at 08:09
  • For Reviewers: In my opinion it is a normal question. It fits Security SE and arguably also Superuser SE. I keep it open. – mentallurg Dec 13 '20 at 17:02
  • Not sure if squid will add extra headers and that service is checking that... – camp0 Dec 13 '20 at 19:42
  • Here's the [sanitized] config I use on every new Squid install: https://antipaucity.com/2018/07/18/a-fairly-comprehensive-squid-configuration-for-proxying-all-the-http-things/#.YDe5S2NOmc4. I've never had a proxy identified by any of these 5 sites using that config: https://antipaucity.com/2018/10/11/do-you-leak/#.YDe5pmNOmc4. – warren Feb 25 '21 at 14:52

1 Answer

2

The URL you've used seems to determine if a client uses a proxy not (only) based on HTTP headers but also where the request comes from.

To check I've used ssh -Dport dst, which creates a SOCKS proxy listening locally on the given port and where the traffic then comes out of the proxy with the IP address of the SOCKS endpoint. I've tried this with an external system at some public hoster and with localhost as a target: in case of localhost the URL claimed that no proxy was used while in case of the external system it claimed that a proxy was used. But the difference here was only in the source IP of the traffic, not in the use of a proxy.

While no details are known it is possible that this specific detection algorithm distinguishes between IP addresses which are associated with public hosting sites and other IP addresses, and in the first case simply assumes the use of some proxy, VPN or similar.

Steffen Ullrich
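The hypothesis in the answer above, as an added example that is not part of the original answer and is not the detection site's code: a detector that checks proxy headers and also the source address still flags a request whose headers were stripped if it arrives from a hosting range. The function names, the header list and the IP ranges (RFC 5737 documentation addresses) are assumptions constructed for illustration.

```python
import ipaddress

# Headers a forwarding proxy commonly adds; Squid's forwarded_for and via
# directives control X-Forwarded-For and Via.
PROXY_HEADERS = {"x-forwarded-for", "via", "forwarded"}

# Constructed stand-in for a hosting-provider address list (documentation
# ranges). A real service would use its own data set, which is unknown here.
HOSTING_NETS = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")
]


def header_signals(headers):
    """Return the proxy-revealing header names present in the request."""
    return sorted(h.lower() for h in headers if h.lower() in PROXY_HEADERS)


def from_hosting_range(source_ip):
    """True if the source address falls inside a listed hosting network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in HOSTING_NETS)


def classify(source_ip, headers):
    """Combine header and source-address signals into one verdict."""
    reasons = [f"header:{h}" for h in header_signals(headers)]
    if from_hosting_range(source_ip):
        reasons.append("source-ip:hosting-range")
    return {"proxy_suspected": bool(reasons), "reasons": reasons}


# Constructed sample requests: (source address, request headers).
SAMPLES = {
    "default proxy on a hosted server": (
        "203.0.113.10",
        {"Via": "1.1 proxy (squid)", "X-Forwarded-For": "192.0.2.7"},
    ),
    "headers stripped, same server": ("203.0.113.10", {"User-Agent": "Mozilla/5.0"}),
    "direct connection, unlisted address": ("192.0.2.7", {"User-Agent": "Mozilla/5.0"}),
}

if __name__ == "__main__":
    for label, (ip, hdrs) in SAMPLES.items():
        print(f"{label}: {classify(ip, hdrs)}")
```

The second sample is the situation in the question: no proxy headers reach the site, yet the verdict does not change because the source address alone is enough.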