Eliezer Thanks for your good advice.. Regards Alex tech.jahtoe.com bafila.jahtoe.com
On 6 Mar 2017 17:30, "Eliezer Croitoru" <elie...@ngtech.co.il> wrote: > Hey Alex, > > First goes first: If you spin any version of CentOS these days I recommend > to use CentOS 7 and not 6. > This is also based on many use cases which proved(to me and many others) > that the kernel and many other components improved performance. > If you already spinoff a server to mask your IP I believe that the more > "perfected" way to do so is using a VPN. > Specifically OpenVPN and a CentOS 7 with pritunl on it as the management > web interface for OpenVPN. > The instructions on how to install it are at: > https://docs.pritunl.com/docs/installation > > The client can be found at: > https://openvpn.net/index.php/open-source/downloads.html > > And it would mask your IP address for all of your connections from the > machine you are working on. > Notice that some that the reason your IP is not masked is since there are > scripts which can run on html5 and can bypass the proxy settings. > > Let me know if you need more help. > > Eliezer > > ---- > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Alex Muir > Sent: Monday, March 6, 2017 1:31 PM > To: squid-users@lists.squid-cache.org > Subject: [squid-users] anonymous squid setup on digital ocean centos 6 but > my IP still detected > > > > Greetings, > > I have implemented the following https://www.digitalocean.com/ > community/tutorials/how-to-install-squid-proxy-on-centos-6 from digital > ocean which sets up squid with settings to not have my IP address forwarded. > I'm finding however that my local IP is still detected when I google what > my local ip address is. I've configured firefox browser to use the proxy > and have confirmed that it is using the proxy. Additionally https goes > through the proxy however http is blocked. I'd like to ensure that http is > not blocked. > What changes do I need to make to get this working as desired? > Here is the squid config setup: > [root@CENTOSMASTER ~]# cat /etc/squid/squid.conf > # > # Recommended minimum configuration: > # > acl manager proto cache_object > acl localhost src http://127.0.0.1/32 ::1 > acl to_localhost dst http://127.0.0.0/8 http://0.0.0.0/32 ::1 > > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > acl localnet src http://10.0.0.0/8 # RFC1918 possible internal network > acl localnet src http://172.16.0.0/12 # RFC1918 possible internal network > acl localnet src http://192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) > machines > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager > > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > #http_access deny CONNECT !SSL_ports > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 3128 > > # Uncomment and adjust the following to add a disk cache directory. > #cache_dir ufs /var/spool/squid 100 16 256 > > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid > > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% > > via off > forwarded_for off > > request_header_access Allow allow all > request_header_access Authorization allow all > request_header_access WWW-Authenticate allow all > request_header_access Proxy-Authorization allow all > request_header_access Proxy-Authenticate allow all > request_header_access Cache-Control allow all > request_header_access Content-Encoding allow all > request_header_access Content-Length allow all > request_header_access Content-Type allow all > request_header_access Date allow all > request_header_access Expires allow all > request_header_access Host allow all > request_header_access If-Modified-Since allow all > request_header_access Last-Modified allow all > request_header_access Location allow all > request_header_access Pragma allow all > request_header_access Accept allow all > request_header_access Accept-Charset allow all > request_header_access Accept-Encoding allow all > request_header_access Accept-Language allow all > request_header_access Content-Language allow all > request_header_access Mime-Version allow all > request_header_access Retry-After allow all > request_header_access Title allow all > request_header_access Connection allow all > request_header_access Proxy-Connection allow all > request_header_access User-Agent allow all > request_header_access Cookie allow all > request_header_access All deny all > > I've posted the question on stackoverflow > > http://serverfault.com/questions/836385/anonymous- > squid-setup-on-digital-ocean-centos-6-but-my-ip-still-detected > > Regards > Alex Muir > Chief Data Engineer/Architect > Jahtoe Technology > http://tech.jahtoe.com > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
