Squid: Bypass redirector for specific URL

Computing, Software Comments Off
Nov 162011

Often times, in your Squid proxy, you may have a redirector configured – such as SquidGuard:

redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf

I ran into a problem tonight with my Roku box where SquidGuard was seeing Roku’s NetFlix access as a security threat.  So, to make Squid bypass the redirector, add an ACL and a redirector-access rule:

acl netflix dstdomain .netflix.com
redirector_access deny netflix

There you have it – any requests to *.netflix.com will skip the redirector.

Posted by David Andrzejewski at 9:51 pm

Squid Proxy: Make Outgoing Headers Anonymous

Computing, Security, Software Comments Off
Nov 062011

By default, Squid sends HTTP headers on every request that can give away information about your internal network. Here’s an example of these headers:

HTTP_VIA:1.1 proxyserver.local (squid/3.1.16)
HTTP_X_FORWARDED_FOR:192.168.0.123

That’s three pieces of information you may not want to give away: The host name of your proxy server, the version of Squid it’s running, and the IP address of the system that’s making the request via the proxy.

Fortunately, it’s simple (and does not apparently violate any standards) to make these headers more anonymous – just use these configuration directives in your squid.conf:

# Be more anonymous
forwarded_for off
visible_hostname proxy.local
httpd_suppress_version_string on

That will change the headers to look more like this:

HTTP_VIA:1.1 proxy.local (squid)
HTTP_X_FORWARDED_FOR:unknown
Posted by David Andrzejewski at 7:56 am

FreeBSD – IPv6 Tunnel and Gateway Configuration

Computing, Software Comments Off
Mar 042010

Most of us don’t have native IPv6 Internet connections at home.  Fortunately, it’s easy (and free) to get connected to the IPv6 Internet.  Here’s how to get your FreeBSD box connected.

Continue reading »

Posted by David Andrzejewski at 12:22 am Tagged with: , ,

FreeBSD Backup Using dump and duplicity

Computing, Software Comments Off
Mar 012010

I spent some time thinking about backup strategy, and I decided for my purposes, I’d like to handle the staging process (getting all the files put together), and I’d like the backup solution itself to simply upload the files – but since I want to do nightly backups, I’d like the backup solution to have incremental capabilities.

I narrowed it down to two possible solutions – Tarsnap and Duplicity.  Both support incremental backups, both are command-line capable.  I decided to use Duplicity because it uploads directly to whichever back-end service you use – be it Amazon S3 or an SFTP server .  Tarsnap uses S3, but that’s your only option, and they do some processing for you, and because of that, it costs more.

Now, on to the details.

Continue reading »

Posted by David Andrzejewski at 10:35 pm Tagged with: ,

JungleDisk on FreeBSD

Computing, Software Comments Off
Feb 032009

For those of you who don’t know, JungleDisk is a utility that allows you to back up data to Amazon’s Simple Storage Service (S3).  Soon, it will also allow you to use Mosso’s Cloud Files service, which is similar to S3 but hosted by RackSpace. I recently won a free subscription to JungleDisk, thanks to Mosso.

I’ve got JungleDisk set up on my Windows machine and it’s working really well. I was looking around the JungleDisk website, and I noticed that you’re allowed to install the desktop edition on as many computers as you want.  I’ve got two machines here at home – my laptop with Windows, and my file server running FreeBSD.  JungleDisk doesn’t have a native FreeBSD version, but they do offer a Linux version.  Seeing as FreeBSD does have a Linux compatibility layer, I figured I’d at least try to get it to work.  So far, I’ve been moderately successful.

Continue reading »

Posted by David Andrzejewski at 6:53 pm Tagged with: , , , , ,
Older Entries
© 2011 David AndrzejewskiSuffusion theme by Sayontan Sinha