≡ Menu

Squid Proxy Hide System’s Real IP Address

My squid proxy server is displaying system's real IP address. I've a corporate password protected squid proxy server located at 202.54.1.2. My clients works from home or offices via A/DSL / cable connections. Squid should hide all system's IP address, but it is forwarding and displaying the system's IP address. How do I configure squid to hide client's real IP address?

Squid proxy server has directive called forwarded_for. If set, Squid will include your system's IP address or name n the HTTP requests it forwards. By default it looks like
this:
X-Forwarded-For: 191.1.2.5
If you disable this, it will appear as
X-Forwarded-For: unknown
Open squid.conf file:
# vi squid.conf
Set forwarded_for to off:
forwarded_for off
Save and close the file. Restart squid server:
# /etc/init.d/squid restart

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 9 comments… add one }

  • Mihai Secasiu February 19, 2009, 10:51 pm

    another way of doing this is to just block most of the headers generated by squid , except for a few that are really necessary.

    Look for the “paranoid” header_access configuration in squid.conf

  • Ricardo Sena February 20, 2009, 11:23 am

    hi, friends!

    Very good.

    Thank you!!!

  • Protocol February 20, 2009, 7:04 pm

    Its better to use ‘squid -k reconfigure’ rather thant restarting squid as it wont have to stop the cache, so its almost instant.

  • Pakdoz July 15, 2009, 6:38 am

    Agree with Protocol, I prefer to use ‘squid -k reconfigure’, fast and much better than restarting squid

  • Tony December 9, 2010, 3:56 am

    I’m also trying to hide my WAN ip. When I go to whatismyip.com, it still shows my WAN IP no matter what. Any additional ideas to try?

    I run squid on the same local machine I use to browse the web. So squid runs on 127.0.0.1:3128

    forwarded_for off

    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Content-Language allow all
    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    request_header_access All deny all

  • Hugo March 23, 2011, 6:18 am

    This ip is not sent in the http header, it comes from the ip-connection direct and cannot be hidden;

  • HDK August 14, 2011, 9:28 am

    so running squid anonymous or hide IP is not possible using an IP-connection?

  • Rajnish June 1, 2012, 7:59 am

    I have the below mentioned setup:

    User Machine>>>>>>Proxy Server>>>>>Firewall>>>>Internet
    a.a.a.a b.b.b.b

    When i use the Proxy on Agent Machine traffic to Firewall hits from Proxy Public IP. I want the machine Local IP to Hit the Firewall instead of Proxy IP required for Compliance . Can this be achievable if Yes then what needs to be changed in the Squid Configuration

  • Adrian March 18, 2013, 7:24 pm

    If you do not want header “X-Forwarded-For: unknown” at all to use proxy anonymously use:

    forwarded_for delete

Leave a Comment