Anonymize your VyOS Proxy ( Squid3 )


#1

If you check your HTTP-Headers, you will see that VyOS-Proxy is talking a bit too much. Anonymity test

VyOS default output

[quote]###################### Proxy checking Report: ######################
IP DETECT: 123.123.123.123
REAL IP: unknown
COUNTRY: YOUR-COUNTRY - YC
RESULT: transparent proxy

###################### Main anonymous proxy test variables: ######################
HTTP_FORWARDED: N/A
HTTP_X_FORWARDED_FOR: unknown
HTTP_CLIENT_IP: N/A

###################### Additional proxy variables: ######################
HTTP_VIA: 1.1 localhost (squid/3.1.6)
HTTP_XROXY_CONNECTION: N/A
HTTP_PROXY_CONNECTION: N/A

###################### Other interesting info about you: ######################
HTTP_USERAGENT_VIA: N/A
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
REMOTE_HOST: N/A
HTTP_CONNECTION: keep-alive
SERVER_PROTOCOL: HTTP/1.1
HTTP_REFERER: http://ip.cc/
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_CACHE_CONTROL: max-age=0
HTTP_CACHE_INFO: N/A[/quote]

VyOS patched output

[quote]###################### Proxy checking Report: ######################
IP DETECT: 123.123.123.123
COUNTRY: YOUR-COUNTRY - YC
RESULT: high-anonymous elite proxy

###################### Main anonymous proxy test variables: ######################
HTTP_FORWARDED: N/A
HTTP_X_FORWARDED_FOR: N/A
HTTP_CLIENT_IP: N/A

###################### Additional proxy variables: ######################
HTTP_VIA: N/A
HTTP_XROXY_CONNECTION: N/A
HTTP_PROXY_CONNECTION: N/A

###################### Other interesting info about you: ######################
HTTP_USERAGENT_VIA: N/A
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8
REMOTE_HOST: N/A
HTTP_CONNECTION: keep-alive
SERVER_PROTOCOL: HTTP/1.1
HTTP_REFERER: N/A
HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
HTTP_CACHE_CONTROL: no-cache
HTTP_CACHE_INFO: N/A[/quote]

ToDo:

  1. connect to your VyOS ( where proxy is used )
  2. upload the attached patch (patch-file) ( and rename it to anonymize.patch )
  3. apply the patch using the following command

         patch -p0 < anonymize.patch

  4. make the changes take effect by changing webproxy settings in configure-mode ( assuming your cache is set to 4GB ) e.g.

         [edit]
         vyos@gw.lab.internal# set service webproxy cache-size 4095
         [edit]
         vyos@gw.lab.internal# commit
         [edit]
         vyos@gw.lab.internal# set service webproxy cache-size 4096
         [edit]
         vyos@gw.lab.internal# commit

  5. check the result at the link above.

Happy patching…
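
The check in the last step of the post above can also be run locally against a request captured on a server behind the proxy. The following is an added example, not part of the original post or the patch. It assumes the common transparent/anonymous/elite taxonomy (the test site's own logic is not known), takes its header names from the report's CGI variables, and uses constructed sample requests with the placeholder host `example.test`.

```python
# Added example: audit the proxy-related headers an origin server receives.
# Header names are the report's CGI variables (HTTP_X_FORWARDED_FOR -> X-Forwarded-For).
CLIENT_HEADERS = ("forwarded", "x-forwarded-for", "client-ip")
PROXY_HEADERS = ("via", "xroxy-connection", "proxy-connection",
                 "useragent-via", "cache-info")

# Constructed sample requests, modelled on the two reports in the post.
DEFAULT_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Via: 1.1 localhost (squid/3.1.6)\r\n"
    "X-Forwarded-For: unknown\r\n"
    "Referer: http://ip.cc/\r\n"
    "Cache-Control: max-age=0\r\n"
    "Connection: keep-alive\r\n\r\n"
)
PATCHED_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cache-Control: no-cache\r\n"
    "Connection: keep-alive\r\n\r\n"
)


def parse_headers(raw_request):
    """Return {lowercased name: value}; repeated headers are joined with ', '."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue                            # not a header line
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def audit(raw_request):
    """Classify a request and list the headers that caused the verdict."""
    headers = parse_headers(raw_request)
    client = {h: headers[h] for h in CLIENT_HEADERS if h in headers}
    proxy = {h: headers[h] for h in PROXY_HEADERS if h in headers}
    # Assumed taxonomy: any client header (even "unknown") -> transparent,
    # only proxy headers -> anonymous, neither -> elite.
    level = "transparent" if client else "anonymous" if proxy else "elite"
    return level, {**client, **proxy}


if __name__ == "__main__":
    for label, req in (("default", DEFAULT_REQUEST), ("patched", PATCHED_REQUEST)):
        print(label, *audit(req))
```

The returned dictionary names the headers behind the verdict, so a `transparent` or `anonymous` result shows which header still needs to be suppressed.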


#2

Looks good. The other thing though, not everyone really wants anonymity to the exact same degree, so I’d rather make it configurable. Like:

edit service webproxy
set options via [enable|disable]
set options forwarded-for [enable|disable]
set options http-headers user-agent [enable|disable]
set options http-headers referer [enable|disable]
...

Also, it’s better to make patches with “git format-patch -${number of commits}”. They preserve original commit descriptions, author name etc., and are more likely to apply properly if there were changes to the file before that patch.