Customizing the squid forwarded_for value

November 7, 2005

Tonight, I got bored so I decided to look into hacking my squid to send a custom value with the forwarded_for header.

After searching around for a while, I found no guides. I had previously talked about this with some friends, and we discussed that squid sends back “unknown” if the user turns off forwarded_for in squid.conf . I wasn’t sure if this value was interpreted by the remote server, or squid. I made sure to rememember the idea for a later day.

Tonight, I downloaded squid squid 2.5 stable and see how easy it could be. Suprisingly, it wasn’t hard at all, and i was able to find it in less than 10 minutes.

If you open up your squid-2.5.STABLE12/src/http.c and scroll all the way down to line 962, there you will see:

/* append X-Forwarded-For */
strFwd = httpHeaderGetList(hdr_in, HDR_X_FORWARDED_FOR);
strListAdd(&strFwd,
(((orig_request->client_addr.s_addr != no_addr.s_addr) && opt_forwarded_for) ?
inet_ntoa(orig_request->client_addr) : "unknown"), ',');
httpHeaderPutStr(hdr_out, HDR_X_FORWARDED_FOR, strBuf(strFwd));
stringClean(&strFwd);

Pay close attention to

inet_ntoa(orig_request->client_addr) : "unknown"), ',');

Simply change the “unknown” value to whatever value you want. It can be 127.0.0.1, 0.0.0.0, 911.911.911.911, or even “banana”, you can insert whatever the hell you want into that section, and it will send that value with the x_forwarded_for header.

After changing the file, ./configure, make, and make install. You’ll need to edit your squid.conf and turn the “forwarded_for” value off in order for the hack to function.

How is this useful? By default, squid will send back your actual ip address if forwarded_for is not disabled. If it is disabled, it will send back “unknown”. There is no way to customize the header via squid.conf. So, this is an excellent solution. Some websites check the x_forwarded_for header, if you want to screw with the administrator, you can change that value to the actual website you’re visiting.

There isn’t a way to change the remote_addr value because that value is interpreted by the remote server.

Advertisements

One Response to “Customizing the squid forwarded_for value”

  1. Krista Antonini Says:

    When customizing your squid make sure that you do not poke your fingers on the beak.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: