On Wed, 8 Dec 2004 10:34:51 -0600 Kevin <[EMAIL PROTECTED]> wrote: >On Wed, 8 Dec 2004 19:34:03 +0530, Siju George <[EMAIL PROTECTED]> >wrote:> On Wed, 8 Dec 2004 11:22:01 +0100, Daniel Hartmeier >> <[EMAIL PROTECTED]> wrote: >> > It might be some game with IP TTL values, but pf should always >replace> > the internal address with the gateway's. The tcpdump will >tell. > >I've never seen pf "leak" the original inside source IP address from a >NAT'd client. > >> I found the same thing happenning when I use Squid Proxy to connect >to> internet. So I should be changing some configuration in squid isn't >> it? Any comments? > >This is correct. Squid by default includes a "X-Forwarded-For: header >on each HTTP request showing the original requesting IP address. This >can be disabled in squid.conf with "forwarded_for off". > Sorry, not correct. I'm behind my squid and forwarded on or off the header is there !
>Additionally, Squid will also append a "Via:" header which reveals >information about the cache -- some web discussion boards will refuse >access if the Via header is present. > >The code which generate both of these headers is located in 'http.c' >in the Squid source tree. The only way to disable the 'Via' header in >Squid2.5 is to edit the source and recompile. > >Kevin > Would be tryed :) But there is a accel_header_........... etc.. who's disable parts of the header => anonymous. Look at the config file. mess-mate
