Customizing the squid forwarded_for header

November 7, 2005

Tonight, I got bored so I decided to look into hacking my squid to send a custom value with the forwarded_for header.

After searching around for a while, I found no guides. I had previously talked about this with some friends, and we discussed that squid sends back “unknown” if the user turns off forwarded_for in squid.conf . I wasn’t sure if this value was interpreted by the remote server, or squid. I made sure to rememember the idea for a later day.

Tonight, I downloaded squid squid 2.5 stable and see how easy it could be. Suprisingly, it wasn’t hard at all, and i was able to find it in less than 10 minutes.

If you open up your squid-2.5.STABLE12/src/http.c and scroll all the way down to line 962, there you will see:

/* append X-Forwarded-For */
strFwd = httpHeaderGetList(hdr_in, HDR_X_FORWARDED_FOR);
(((orig_request->client_addr.s_addr != no_addr.s_addr) && opt_forwarded_for) ?
inet_ntoa(orig_request->client_addr) : "unknown"), ',');
httpHeaderPutStr(hdr_out, HDR_X_FORWARDED_FOR, strBuf(strFwd));

Pay close attention to

inet_ntoa(orig_request->client_addr) : "unknown"), ',');

Simply change the “unknown” value to whatever value you want. It can be,, 911.911.911.911, or even “banana”, you can insert whatever the hell you want into that section, and it will send that value with the x_forwarded_for header.

After changing the file, ./configure, make, and make install. You’ll need to edit your squid.conf and turn the “forwarded_for” value off in order for the hack to function.

How is this useful? By default, squid will send back your actual ip address if forwarded_for is not disabled. If it is disabled, it will send back “unknown”. There is no way to customize the header via squid.conf. So, this is an excellent solution. Some websites check the x_forwarded_for header, if you want to screw with the administrator, you can change that value to the actual website you’re visiting.

There isn’t a way to change the remote_addr value because that value is interpreted by the remote server.


5 Responses to “Customizing the squid forwarded_for header”

  1. ywu Says:

    This is simply great!

  2. rwd0 Says:

    Simply use
    TAG: header_access
    header_access All deny all

    in squid.conf

    That’s all 🙂

  3. mikey Says:

    that doesn’t give you the ability to forge the forwarded_for value.

  4. Condor Says:

    This is no longer work with squid great of 2.6STABLE version

  5. Krista Antonini Says:

    You making me hungry.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: