SQUID Proxy: Anonymous Browsing




SuSE Linux Enterprise Server 10 Service Pack 1


You want to prevent your browser from sending out sensitive information such as your operating system type, browser, date/time and referrer page.


Configure squid to block and modify browser information originating from your private LAN.

I recommend installing Squid on the server that acts as the router for the LAN.

This is not a so-called “elite anonymous proxy”, as it *does not* hide the fact that you access the server via a proxy. Hiding your geographical location/IP is outside the scope of this document.

Proxy and browser check:

First, let’s see what information our browser sends out. Click here to get a similar result as depicted on the screenshots.

Current result:

Depending on your environment, you should get a similar result.

Desired result:

If you use Firefox, you can first enable the “NoScript” plugin, which blocks unwanted execution of scripts.


In our example NoScript hides the Plugin and Display information.

Squid configuration

  1. Install squid:

YaST2 => Software => Software Manager

  1. Create a basic squid.conf:
   cd /etc/squid/
   mv squid.conf squid.conf.ORG
   grep -v '^$' squid.conf.ORG | grep -v '^#' > squid.conf

We do this step because the annotated squid.conf is over 3000 lines long and it’s easier to work with a smaller config file.


Important Note:
The order of the configuration directives in /etc/squid/squid.conf is significant.
  1. Add your private network:
   acl localhost src	# preconfigured
   acl localnet src

The “acl localhost” is already preconfigured. I will show 2 lines in my example to make it easier to see where the configuration directives should go.

  1. Add the Server hostname as “visible_hostname”:
   hierarchy_stoplist cgi-bin ?	# preconfigured
   visible_hostname sles10
  1. Allow traffic from your local network:
   http_access allow localhost # preconfigured
   http_access allow localnet
  1. Start squid
   /etc/init.d/squid start
   Starting WWW-proxy squid                    done

Browser configuration

  1. Check squid port:

On the squid server run:

   lsof -i -P |grep -i squid.*listen
   squid     10348  squid   13u  IPv4 2798257 TCP *:3128 (LISTEN)

3128 is the squid port number.

  1. Configure firefox:

Edit => Preferences => Network => Settings => Manual proxy configuration

  1. Test connectivity:

After you enable squid, access the proxy test page again. Click here.

We can now see that our private client IP is shown and also that our proxy was detected.

Anonymize squid

  1. Hide private IP:
   header_access X-Forwarded-For deny all
   header_replace X-Forwarded-For

X_FORWARDED_FOR – Value is a real IP address of a client.

After editing squid.conf you always need to restart squid for the changes to take effect.

   /etc/init.d/squid restart
   Shutting down WWW-proxy squid                                        done
   Starting WWW-proxy squid                                             done


Resulting effect:

  1. Hide Proxy:
   header_access Via deny all
   header_replace Via

VIA – Value is an address of a proxy server.

Resulting effect:

  1. Hide browser:
   header_access User-Agent deny all
   header_replace User-Agent SecretBrowser/5.0 (iPhone; U; Commodore64; en)

USER-AGENT – Values are information about the browser.

  1. Hide referer page information:
   header_access Referer deny all
   header_replace Referer unknown

REFERER – the address (URI) of the resource from which the Request-URI was obtained.
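
The four rules above can be modelled offline to see what the origin server ends up receiving. This is an added example, not part of the original article or of Squid itself: it is a simplified model that handles only `deny all` rules, and the request headers, host names and client IP are constructed.

```python
# Simplified model of Squid 2.x header_access / header_replace ("deny all" only).
SQUID_CONF = """\
header_access X-Forwarded-For deny all
header_access Via deny all
header_access User-Agent deny all
header_replace User-Agent SecretBrowser/5.0 (iPhone; U; Commodore64; en)
header_access Referer deny all
header_replace Referer unknown
"""

# Constructed request: browser headers plus the Via / X-Forwarded-For a proxy appends.
REQUEST = [
    ("Host", "www.example.com"),
    ("User-Agent", "Mozilla/5.0 (X11; U; Linux i686; en-US) Firefox/2.0"),
    ("Referer", "http://intranet.example.com/wiki/page"),
    ("Accept-Language", "de-CH,en;q=0.5"),
    ("Via", "1.0 sles10:3128 (squid)"),
    ("X-Forwarded-For", "192.168.1.23"),
]

def parse_rules(conf):
    """Return (denied header names, replacement values), keyed in lower case."""
    denied, replace = set(), {}
    for line in conf.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        directive, header, rest = parts[0], parts[1].lower(), parts[2].strip()
        if directive == "header_access" and rest.split()[:2] == ["deny", "all"]:
            denied.add(header)
        elif directive == "header_replace":
            replace[header] = rest
    return denied, replace

def mangle(request, conf):
    """Headers the origin server receives once the rules are applied."""
    denied, replace = parse_rules(conf)
    out = []
    for name, value in request:
        if name.lower() not in denied:
            out.append((name, value))                  # untouched, passes through
        elif name.lower() in replace:
            out.append((name, replace[name.lower()]))  # denied, fixed string sent
        # denied with no header_replace: the header is dropped entirely
    return out

if __name__ == "__main__":
    print("\n".join(f"{n}: {v}" for n, v in mangle(REQUEST, SQUID_CONF)))
```

Headers without a rule, such as `Accept-Language` in the constructed request, pass through unchanged and can still help identify the client.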


Resulting effect:

Additional notes

Many web pages include rules that load CSS style sheets and other accessibility code based on the provided browser information. If you provide false data, some web sites won’t display correctly. Let’s take www.google.com as an example:

False Browser (using SecretBrowser/5.0):

Valid Browser:

Many modern browsers these days also include the possibility to set a limited number of predefined User-Agents. Firefox can handle this via the User Agent Switcher add-on.

If you wonder why the “Referer” header is not named “Referrer”, this is simply a typo in the RFC4229 specification.

Alternative solutions

Tor project

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world.


Privoxy is a web proxy with advanced filtering capabilities for protecting privacy.


This is just a basic setup to demonstrate how you can shape HTTP data to hide some information; it does not come close to providing complete anonymity on the Internet. The advantage, however, is somewhat increased privacy as well as a performance gain from the caching proxy.

The drawbacks include possible broken functionality of some websites.

External Links

Detailed User-Agent list
