A few things you need to know about Squid Swap Directories
1. Do not erase or delete using linux delete command. It can cause Swap Directories DIRTY.
2. You do not need to erase or delete Squid Swap Directories if you have no_cache deny (an instruction in squid for no-cache proxy) in squid.conf. Squid need that Swap Directories
3. Shutdown Squid before recreates Swap Directories.
4. If you recreates Swap Directories, disconnect any request to Squid. It can cause you a problem, in my experience, i can’t shutdown Squid properly in next event
Add/modify squid.conf :
#no local caching
maximum_object_size 0 KB
minimum_object_size 0 KB
# specify uncachable requests
acl all src 0.0.0.0/0.0.0.0
no_cache deny all
or
# caches nothing based on time
acl Working time 08:00-16:00
no_cache deny Working
# avoid having a cache directory
cache_dir null /tmp
or
cache_dir null /null
UPDATED
We can’t see the latest yahoo pages if ‘header_replace User-Agent’ set to ‘unknown’ or anonymous User-Agent. To avoid this, change into :
header_replace User-Agent Mozilla/5.0 (en) Gecko/20070515 Firefox/2.0.0.4
or
header_access User-Agent allow all
before
header_access Deny deny all
UPDATED
I manage squid 2.5 to become high anonymous proxy.
# cd /usr/local/etc/squid
# vi squid.conf
Change this in #Miscellanous
forwarded_for off
[client ip won't recognize]
Add this to #Miscellanous
header_access Allow allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_acccess Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Enncoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Cookie allow all
header_access Set_Cookie allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All deny all
header_replace User-Agent anonymous
[browser will be identify as anonymous]
Save and reboot server
# reboot
or Re-read squid.conf without restarting
# squid -k reconfigure
Restore proxy to previous setting
add # besides header_replace to turn off.
Visit Proxy Blind to check proxy results
They will identify as no proxy or highly anonymous.
Proxy types according to Proxy Blind (description from their site)
No proxy : In this case (the majority of internet users), http requests are sent directly from your machine to the server. There is no privacy or caching benefits. A non-proxied system will display the following information:
REMOTE_ADDR = Your IP
HTTP_VIA = blank
HTTP_X_FORWARDED_FOR = blank
Transparent Proxy : A transparent proxy anounces to the world that it’s a proxy, and passes on your information. It provides no privacy improvements (except against poorly coded sites that only look at REMOTE_ADDR and not HTTP_X_FORWARDED_FOR). It can provide a benefit by caching frequently accessed pages; many companies also use this system for filtering purposes. A transparent proxy will display the following information:
REMOTE_ADDR = Proxy’s IP
HTTP_VIA = Proxy’s IP
HTTP_X_FORWARDED_FOR = Your IP
Anonymous Proxy :An anonymous proxy offers the caching benefits of a transparent proxy, while hiding your IP address (by replacing with either the proxies IP, or a random address. The downside to this approach is that sites that use address detection to establish unique users (online games, voting, some logins) will not be able to distinguish you from others in your domain. Of course, that might be a bonus sometimes. An anonymous proxy will display the following information:
REMOTE_ADDR = Proxy’s IP
HTTP_VIA = Proxy’s IP
HTTP_X_FORWARDED_FOR = Proxy’s IP, or random
Highly Anonymous : A highly anonymous (often known as an elite proxy) makes your system look the same as a non-proxied system (with the proxy servers IP address). This provides the best security; however, all the caveats of an anonymous proxy are still present. In addition, an anonymous proxy’s existance can be detected, and the server can suggest workarounds, but there’s no way to detect an elite proxy. Again, that may be your goal. A highly anonymous proxy will display the following information:
REMOTE_ADDR = Proxy’s IP
HTTP_VIA = blank
HTTP_X_FORWARDED_FOR = blank
