How to Enable Squid Anonymous Stealth Mode

There are some times when you don’t want your proxy server announcing that it’s a proxy server to the world.  Getting Squid to anonymise the requests coming from behind it isn’t done out of the box.

Squid is RFC compliant in that it adds the appropriate headers into the HTTP conversation which is being a good internet neighbour and good for system admins.  Putting Squid in stealth mode will therefore make Squid not RFC compliant.  It is however very useful when you need to check geo services in other parts of the world, or when you need to make sure your users are secure.

What we are wanting to do is to make sure we don’t break websites we may wish to visit,but make sure our details are secure.

Log on to your Proxy box as per usual.

Edit the Squid configuration:

nano /etc/squid3/squid.conf

Add the following lines to the top of your config file:

follow_x_forwarded_for deny all
forwarded_for delete
via off
header_access From deny all
header_access Server deny all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Cache-Control deny all
header_access Proxy-Connection deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Pragma deny all
header_access Keep-Alive deny all

[ctrl]+o to save, and [ctrl]+x to exit.

These lines are in the config file already, so you can either find them, change them accordingly or just paste the code above.

Now lets restart Squid, on Ubuntu we could use:

service squid3 restart

Any questions or problems comment below.  Or if you use any other controls I’d be very interested in learning!