SuSE Linux Enterprise Server 10 Service Pack 1
You want to prevent your browser from sending out sensitive information such as your operating system type, browser, date/time and referrer page.
Configure squid to block and modify browser information originating from your private LAN.
I recommend installing Squid on the server that acts as the router for the LAN.
This is not a so-called "elite anonymous proxy", as it *does not* hide the fact that you access the server via a proxy. Hiding your geographical location or IP address is outside the scope of this document.
Proxy and browser check:
First, let's see what information our browser sends out. Click here to get a similar result as depicted on the screenshots.
Depending on your environment, you should get a similar result.
If you use Firefox, you can first enable the "NoScript" plugin, which blocks unwanted execution of scripts.
In our example NoScript hides the Plugin and Display information.
- Install squid:
YaST2 => Software => Software Manager
- Create a basic squid.conf:
cd /etc/squid
mv squid.conf squid.conf.ORG
grep -v '^$' squid.conf.ORG | grep -v '^#' > squid.conf
We do this step because the annotated squid.conf is over 3000 lines long and it's easier to work with a smaller config file.
The order of the configuration directives in /etc/squid/squid.conf is significant.
- Add your private network:
acl localhost src 127.0.0.1/255.255.255.255 # preconfigured
acl localnet src 10.0.0.0/24
The "acl localhost" is already preconfigured. I will show 2 lines in my example to make it easier to see where the configuration directives should go.
- Add the Server hostname as "visible_hostname":
hierarchy_stoplist cgi-bin ? # preconfigured
- Allow traffic from your local network:
http_access allow localhost # preconfigured
http_access allow localnet
- Start squid
Starting WWW-proxy squid done
- Check squid port:
On the squid server run:
lsof -i -P |grep -i squid.*listen
squid 10348 squid 13u IPv4 2798257 TCP *:3128 (LISTEN)
3128 is the squid port number.
- Configure firefox:
Edit => Preferences => Network => Settings => Manual proxy configuration
- Test connectivity:
After you enable squid, access the proxy test page again.
We can now see that our private client IP is shown and also that our proxy was detected.
- Hide private IP:
header_access X-Forwarded-For deny all
header_replace X-Forwarded-For 126.96.36.199
X_FORWARDED_FOR - Value is a real IP address of a client.
After editing squid.conf, you always need to restart squid for the changes to take effect.
Shutting down WWW-proxy squid done
Starting WWW-proxy squid done
- Hide Proxy:
header_access Via deny all
header_replace Via 188.8.131.52
VIA - Value is an address of a proxy server.
- Hide browser:
header_access User-Agent deny all
header_replace User-Agent SecretBrowser/5.0 (iPhone; U; Commodore64; en)
USER-AGENT - Values are information about the browser.
- Hide referer page information:
header_access Referer deny all
header_replace Referer unknown
REFERER - the address (URI) of the resource from which the Request-URI was obtained.
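To see what the four header_access / header_replace pairs above do to a request, the following added example (not part of the original article) models the rewriting in Python. The client address 10.0.0.23, the host name proxy.example, the sample request and the shortened Via value are constructed; the processing order and the dropping of a denied header that has no header_replace are assumptions of this simplified model.

```python
# Simplified model (assumption): Squid appends Via and X-Forwarded-For to the
# outgoing request, then applies header_access / header_replace to all headers.
SQUID_CONF = """\
header_access X-Forwarded-For deny all
header_replace X-Forwarded-For 126.96.36.199
header_access Via deny all
header_replace Via 188.8.131.52
header_access User-Agent deny all
header_replace User-Agent SecretBrowser/5.0 (iPhone; U; Commodore64; en)
header_access Referer deny all
header_replace Referer unknown
"""

def parse_rules(conf):
    """Return (denied header names, replacement values), keyed in lower case."""
    denied, replace = set(), {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        directive, name, rest = parts
        if directive == "header_access" and rest.split() == ["deny", "all"]:
            denied.add(name.lower())
        elif directive == "header_replace":
            replace[name.lower()] = rest
    return denied, replace

def forward(client_headers, client_ip, proxy_name, conf):
    """Headers the origin server receives for one proxied request."""
    denied, replace = parse_rules(conf)
    outgoing = list(client_headers) + [("X-Forwarded-For", client_ip),
                                       ("Via", "1.0 %s (squid)" % proxy_name)]
    result = []
    for name, value in outgoing:
        key = name.lower()
        if key not in denied:
            result.append((name, value))          # passes through untouched
        elif key in replace:
            result.append((name, replace[key]))   # denied, value substituted
        # denied with no header_replace: the header is dropped
    return result

# Constructed sample request from a client on the 10.0.0.0/24 LAN.
SAMPLE = [("Host", "www.example.com"),
          ("User-Agent", "Mozilla/5.0 (X11; U; Linux i686; en-US) Firefox/2.0"),
          ("Referer", "http://intranet.example/wiki/page"),
          ("Accept", "text/html")]
if __name__ == "__main__":
    print("\n".join("%s: %s" % h for h in forward(SAMPLE, "10.0.0.23", "proxy.example", SQUID_CONF)))
```

Passing an empty string as the configuration shows the unfiltered case, where the origin server receives the private client address in X-Forwarded-For.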
Many web pages include rules that load CSS style sheets and other accessibility code based on the provided browser information. If you provide false data, some web sites won't display correctly. Take www.google.com as an example:
False Browser (using SecretBrowser/5.0):
Many modern browsers also let you choose from a limited number of predefined User-Agents. Firefox can handle this via the User Agent Switcher add-on.
If you wonder why the "Referer" header is not named "Referrer", this is simply a typo in the RFC4229 specification.
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world.
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy.
This is just a basic setup to demonstrate how you can shape HTTP data to hide some information; it is far from providing complete anonymity on the Internet. The advantage, however, is somewhat increased privacy as well as a performance gain from the caching proxy.
The drawbacks include possible broken functionality of some websites.
Detailed User-Agent list
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.