Squid Proxy Hide System’s Real IP Address

by on February 19, 2009 · 9 comments· LAST UPDATED February 19, 2009

in , ,

My squid proxy server is displaying system's real IP address. I've a corporate password protected squid proxy server located at 202.54.1.2. My clients works from home or offices via A/DSL / cable connections. Squid should hide all system's IP address, but it is forwarding and displaying the system's IP address. How do I configure squid to hide client's real IP address?

Squid proxy server has directive called forwarded_for. If set, Squid will include your system's IP address or name n the HTTP requests it forwards. By default it looks like
this:
X-Forwarded-For: 191.1.2.5
If you disable this, it will appear as
X-Forwarded-For: unknown
Open squid.conf file:
# vi squid.conf
Set forwarded_for to off:
forwarded_for off
Save and close the file. Restart squid server:
# /etc/init.d/squid restart

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 9 comments… read them below or add one }

1 Mihai Secasiu February 19, 2009 at 10:51 pm

another way of doing this is to just block most of the headers generated by squid , except for a few that are really necessary.

Look for the “paranoid” header_access configuration in squid.conf

Reply

2 Ricardo Sena February 20, 2009 at 11:23 am

hi, friends!

Very good.

Thank you!!!

Reply

3 Protocol February 20, 2009 at 7:04 pm

Its better to use ‘squid -k reconfigure’ rather thant restarting squid as it wont have to stop the cache, so its almost instant.

Reply

4 Pakdoz July 15, 2009 at 6:38 am

Agree with Protocol, I prefer to use ‘squid -k reconfigure’, fast and much better than restarting squid

Reply

5 Tony December 9, 2010 at 3:56 am

I’m also trying to hide my WAN ip. When I go to whatismyip.com, it still shows my WAN IP no matter what. Any additional ideas to try?

I run squid on the same local machine I use to browse the web. So squid runs on 127.0.0.1:3128

forwarded_for off

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access All deny all

Reply

6 Hugo March 23, 2011 at 6:18 am

This ip is not sent in the http header, it comes from the ip-connection direct and cannot be hidden;

Reply

7 HDK August 14, 2011 at 9:28 am

so running squid anonymous or hide IP is not possible using an IP-connection?

Reply

8 Rajnish June 1, 2012 at 7:59 am

I have the below mentioned setup:

User Machine>>>>>>Proxy Server>>>>>Firewall>>>>Internet
a.a.a.a b.b.b.b

When i use the Proxy on Agent Machine traffic to Firewall hits from Proxy Public IP. I want the machine Local IP to Hit the Firewall instead of Proxy IP required for Compliance . Can this be achievable if Yes then what needs to be changed in the Squid Configuration

Reply

9 Adrian March 18, 2013 at 7:24 pm

If you do not want header “X-Forwarded-For: unknown” at all to use proxy anonymously use:

forwarded_for delete

Reply

Leave a Comment

Tagged as: , , , , , , , , ,

Previous Faq:

Next Faq: