y squid proxy server is displaying system’s real IP address. I’ve a corporate password protected squid proxy server located at 188.8.131.52. My clients work from home or offices via A/DSL / cable connections. Squid should hide all system’s IP address, but it is forwarding and displaying the system’s (client computers internal) IP address. How do I configure squid to hide client’s real IP address?
Q. How do I block any website accessing the Internet using squid proxy server?
A. You can simply use squid ACL to block access to any web site. There are 3 steps:
#1. Create a text file with blocked domain name list such as baddomain1.com, mail.yahoo.com, gmail.com and so on
#2. Define Acl
#3. Restart squid
First, create a file called /etc/squid/blocked.domains.acl
# vi /etc/squid/blocked.domains.acl
Append domain names,
Save and close the file. Open squid.conf file:
# vi /etc/squid/squid.conf
Create acl called blockeddomain:
acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"
Deny http access, enter:
http_access deny blockeddomain
Close and save the file. Restart squid proxy server:
# /etc/init.d/squid restart
Q. I was referring to your Squid transparent proxy configuration howto, and my question to you – can proxy authentication be done in transparent mode?
A. Short answer: noop, you cannot use Squid proxy authentication in transparent mode.
From official squid docs:
Authentication cannot be used in a transparently intercepting proxy as the client then thinks it is talking to an origin server and not the proxy. This is a limitation of bending the TCP/IP protocol to transparently intercepting port 80, not a limitation in Squid.
Q. I’m using Squid Cache Version 2.6.STABLE. It is configured perfectly and I’d like to know how do I allow squid to only authenticated users?
A. Squid can authenticate users if squid is configured to use proxy_auth ACLs. Browsers send the user’s authentication credentials in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.
If the header is missing, Squid returns an HTTP reply with status 407 (Proxy Authentication Required). The user agent (browser) receives the 407 reply and then prompts the user to enter a name and password. The name and password are encoded, and sent in the Authorization header for subsequent requests to the proxy.
Your Squid software comes with a few authentication helper programs. These include (click link below to open Squid cache authentication configuration tutorial):