Squid in transperant mode expose my internal IP

Hey,

I'm having some problem with a tranperanse proxy, using some sites which suppose to discover your ip address, I found out the the internal ip is exposed instead of the external one. its happening only when I browse through the proxy server... (disabling the redirect rule on the firewall)
any input will be apprichiated,

here are the sites:
http://software77.net/cgi-bin/ip-country/geo-ip.pl
http://checkip.dyndns.org

and here is my conf file:
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 100 16 256
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
#redirect_program /usr/sbin/squidGuard -c /etc/squidguard.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/cache/squid


thank in advance.
LVL 2
c0mm4Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ravenplCommented:
That's becouse squid proxy forwards Your real IP in http_request. It's normal for proxies to do it, as in normal circumstances it's good to know who really does the abuse things on internet (instead thinking it's proxy itself;))
This information is stored in request_vars HTTP_X_FORWARDED_FOR HTTP_VIA

If You want to turn off it(from squid.conf):
#  TAG: forwarded_for   on|off
#       If set, Squid will include your system's IP address or name
#       in the HTTP requests it forwards.  By default it looks like
#       this:
#
#               X-Forwarded-For: 192.1.2.3
#
#       If you disable this, it will appear as
#
#               X-Forwarded-For: unknown
#
#Default:
# forwarded_for on

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
c0mm4Author Commented:
thank of the prompt answer. the point are yours but I would appriciate if you could help me a bit further, now that I disable it it show it as unknown, and it is problematic for some site the give service by region, this is an internal proxy and now one have access to it from outside.. any idea how to make it show the external i of the squid server?
ravenplCommented:
The external IP of Your cache is known to webpages You are connectiong to. The connection is made from it. It's just many pages checks for x-forwarded-for, and takes it as the real IP(which should be true). And it's really good thing to have it in proxy request. What's wrong in this, that You (and the remote) knows exactly who done what? This is not a security or privacy threat!
However if You do this (remove proxy information), You will create anonymous proxy for malicious users, and that You who will be blamed and responsible for that !

Try:
header_replace X-Forwarded-For Your_outside_IP

or
header_access X-Forwarded-For deny all
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

c0mm4Author Commented:
I'm aware of the security issue that you have mentioned, but as I said it is a internal proxy and not open from outside. I do trust my users, and the issue mentioned also restrict some services that are given based on region and can't be give with a private ip address.

Thanks again.
ravenplCommented:
> and now one have access to it from outside
Oh, You mean You mistyped it ;)
Cheers.
c0mm4Author Commented:
yeah sorry ;)
didn't even noticed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.