Anonymize your VyOS Proxy (Squid3)

If you check your HTTP headers, you will see that the VyOS proxy is talking a bit too much. Anonymity test

VyOS default output

[quote]###################### Proxy checking Report: ######################
IP DETECT: 123.123.123.123
REAL IP: [color=#FF0000]unknown[/color]
COUNTRY: YOUR-COUNTRY - YC
RESULT: [color=#FF0000]transparent proxy[/color]

###################### Main anonymous proxy test variables: ######################
HTTP_FORWARDED: N/A
HTTP_X_FORWARDED_FOR: [color=#FF0000]unknown[/color]
HTTP_CLIENT_IP: N/A

###################### Additional proxy variables: ######################
HTTP_VIA: [color=#FF0000]1.1 localhost (squid/3.1.6)[/color]
HTTP_XROXY_CONNECTION: N/A
HTTP_PROXY_CONNECTION: N/A

###################### Other interesting info about you: ######################
HTTP_USERAGENT_VIA: N/A
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
REMOTE_HOST: N/A
HTTP_CONNECTION: keep-alive
SERVER_PROTOCOL: HTTP/1.1
HTTP_REFERER: [b][color=#FFA500]http://ip.cc/[/color][/b]
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_CACHE_CONTROL: max-age=0
HTTP_CACHE_INFO: N/A[/quote]

VyOS patched output

[quote]###################### Proxy checking Report: ######################
IP DETECT: 123.123.123.123
COUNTRY: YOUR-COUNTRY - YC
RESULT: [color=#32CD32]high-anonymous elite proxy[/color]

###################### Main anonymous proxy test variables: ######################
HTTP_FORWARDED: N/A
HTTP_X_FORWARDED_FOR: [color=#32CD32]N/A[/color]
HTTP_CLIENT_IP: N/A

###################### Additional proxy variables: ######################
HTTP_VIA:[color=#32CD32] N/A[/color]
HTTP_XROXY_CONNECTION: N/A
HTTP_PROXY_CONNECTION: N/A

###################### Other interesting info about you: ######################
HTTP_USERAGENT_VIA: N/A
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
REMOTE_HOST: N/A
HTTP_CONNECTION: keep-alive
SERVER_PROTOCOL: HTTP/1.1
HTTP_REFERER: [color=#32CD32]N/A[/color]
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_CACHE_CONTROL: no-cache
HTTP_CACHE_INFO: N/A[/quote]

ToDo:

  1. Connect to your VyOS (where the proxy is used).
  2. Upload the attached patch (patch-file) and rename it to anonymize.patch.
  3. Apply the patch using the following command:
     patch -p0 < anonymize.patch
  4. Make the changes take effect by changing the webproxy settings in configure mode (assuming your cache is set to 4GB), e.g.
     [edit]
     vyos@gw.lab.internal# set service webproxy cache-size 4095
     [edit]
     vyos@gw.lab.internal# commit
     [edit]
     vyos@gw.lab.internal# set service webproxy cache-size 4096
     [edit]
     vyos@gw.lab.internal# commit
  5. Check the result at the link above.

Happy patching…
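
Added example (not part of the original post or the attached patch): a small Python checker that reads a report in the format shown above and names the request headers that still give the proxy away, so the result of step 5 can be checked offline. The middle "anonymous" tier and the grouping of headers are assumptions based on common proxy-judge conventions; the page itself only shows the "transparent" and "high-anonymous elite" results.

```python
import re

# Headers that expose (or attempt to expose) the client address.
FORWARDING = ("HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP")
# Headers that only reveal a proxy is in the path (grouping is an assumption).
PROXY_MARKERS = ("HTTP_VIA", "HTTP_XROXY_CONNECTION", "HTTP_PROXY_CONNECTION",
                 "HTTP_USERAGENT_VIA", "HTTP_CACHE_INFO")

# Forum markup such as [color=#FF0000] ... [/color] wrapped around values.
BBCODE = re.compile(r"\[/?[a-zA-Z]+(?:=[^\]]*)?\]")


def parse_report(text):
    """Map 'NAME: value' report lines to a dict; 'N/A' means header absent."""
    seen = {}
    for line in BBCODE.sub("", text).splitlines():
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if sep and re.fullmatch(r"[A-Z_]+", name) and value != "N/A":
            seen[name] = value
    return seen


def classify(seen):
    """Return (level, leaking_header_names) for what the origin received."""
    leaks = [h for h in FORWARDING if h in seen]
    if leaks:  # any forwarding header, even 'unknown', marks a transparent proxy
        return "transparent", leaks
    leaks = [h for h in PROXY_MARKERS if h in seen]
    if leaks:  # proxy visible, client address not disclosed
        return "anonymous", leaks
    return "elite", []


# Sample input: lines excerpted from the two reports above.
DEFAULT = """\
HTTP_FORWARDED: N/A
HTTP_X_FORWARDED_FOR: [color=#FF0000]unknown[/color]
HTTP_VIA: [color=#FF0000]1.1 localhost (squid/3.1.6)[/color]
"""
PATCHED = """\
HTTP_X_FORWARDED_FOR: [color=#32CD32]N/A[/color]
HTTP_VIA:[color=#32CD32] N/A[/color]
"""

if __name__ == "__main__":
    for label, report in (("default", DEFAULT), ("patched", PATCHED)):
        print(label, classify(parse_report(report)))
```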

Looks good. The other thing though: not everyone really wants anonymity to the exact same degree, so I’d rather make it configurable. Like:

edit service webproxy
set options via [enable|disable]
set options forwarded-for [enable|disable]
set options http-headers user-agent [enable|disable]
set options http-headers referer [enable|disable]
...

Also, it’s better to make patches with “git format-patch -${number of commits}”. They preserve original commit descriptions, author name etc., and are more likely to apply properly if there were changes to the file before that patch.