
Re: proxy ip



On Tue,  5 Oct 2004 11:52:20 +0200
mrcapacci@free.fr wrote:

>Quoting messmate <messmate@free.fr>:
>
>> On Tue, 05 Oct 2004 10:19:44 +0200
>> "Thomas W. Capacci" <mrcapacci@free.fr> wrote:
>>
>> >messmate wrote:
>> >> Hello,
>> >> I have a router/firewall/proxy for my small network.
>> >> After checking, I noticed that the IP of my
>> >> machines is visible from the outside!
>> >> Is there a way to avoid this? Perhaps through
>> >> my proxy, by putting in a dummy IP?
>> >> Thanks in advance
>> >> mess-mate
>> >>
>> >>
>> >>
>> >assuming you are using squid, you can set
>> >client_netmask 255.255.255.0
>> >to preserve the clients' anonymity only for requests to the
>> >proxy; otherwise you can use your firewall's masquerading.
>> >
>> >--
>> I have just checked after changing the client_netmask and
>> reinitializing squid.
>> But the machine's IP is still there:
>> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
>> Accept-Language: fr,en;q=0.8,ru;q=0.5,zh;q=0.3
>> Connection: keep-alive
>> Host: www.grc.com
>> Referer: http://www.grc.com/x/ne.dll?rh1dkyd2
>> User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.6) Gecko/20040413 Debian/1.6-5 StumbleUpon/1.998
>> Content-Length: 32
>> Content-Type: application/x-www-form-urlencoded
>> Via: 1.1 mo.bidule.com:3128 (squid/2.5.STABLE5)
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> X-Forwarded-For: 192.168.xx.xx
>> Cache-Control: max-age=259200
>> Secure: https://www.grc.com
>> Nonsecure: http://www.grc.com
>> MediaPort: 8094
>>
>> (I replaced the IP with xx)
>> mess-mate
>>
>>
>
>
>Apparently Squid always does this; strange, so what is the
>client netmask for?
>If you speak English, it seems you can replace the IPs with
>"unknown" by disabling forwarded for in squid.conf:
>What is ``HTTP_X_FORWARDED_FOR''? Why does squid provide it to WWW
>servers, and how can I stop it?
>
>When a proxy-cache is used, a server does not see the connection coming
>from the originating client. Many people like to implement access
>controls based on the client address. To accommodate these people,
>Squid adds its own request header called "X-Forwarded-For" which looks
>like this:
>
>        X-Forwarded-For: 128.138.243.150, unknown, 192.52.106.30
>
>Entries are always IP addresses, or the word unknown if the address
>could not be determined or if it has been disabled with the
>forwarded_for configuration option.
>
>We must note that access controls based on this header are extremely
>weak and simple to fake. Anyone may hand-enter a request with any IP
>address whatsoever. This is perhaps the reason why client IP addresses
>have been omitted from the HTTP/1.1 specification.
>
>
Ok, it's done!
The IP is no longer visible!
Thank you very much.
Best regards
mess-mate
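
An added example, not part of the thread and not Squid code: a Python check that reads a header dump like the one pasted above and reports which X-Forwarded-For entries disclose an internal address, so the result can be compared before and after forwarded_for is disabled. The sample dumps, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed header dumps, shaped like the echo-page output quoted above.
BEFORE = """Host: www.example.org
Via: 1.1 proxy.example.net:3128 (squid/2.5.STABLE5)
X-Forwarded-For: 192.168.1.10
Cache-Control: max-age=259200"""
AFTER = BEFORE.replace("192.168.1.10", "unknown")
# The sample header line from the quoted FAQ text.
FAQ_SAMPLE = "X-Forwarded-For: 128.138.243.150, unknown, 192.52.106.30"


def forwarded_for_entries(header_dump):
    """Yield every X-Forwarded-For entry in a 'Name: value' header dump."""
    for line in header_dump.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the header may also repeat.
        if sep and name.strip().lower() == "x-forwarded-for":
            for token in value.split(","):
                if token.strip():
                    yield token.strip()


def classify(entry):
    """Return 'unknown', 'internal', 'public' or 'malformed' for one entry."""
    if entry.lower() == "unknown":
        return "unknown"  # address withheld or not determined by the proxy
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        return "malformed"  # e.g. a hand-masked value such as 192.168.xx.xx
    return "internal" if ip.is_private else "public"


def disclosed_internal(header_dump):
    """List the internal (private-range) addresses the dump gives away."""
    return [e for e in forwarded_for_entries(header_dump)
            if classify(e) == "internal"]


if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        print(label, disclosed_internal(dump))
```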


