The default squid.conf sets forwarded_for to on, allowing remote websites to see the local client's ip address. Squid adds an "X-Forwarded-For: {Client IP}" header to each HTTP request. Setting forwarded_for off by default would be nice. Reproducible: Always Steps to Reproduce: 1. Visit website that shows your local IP address, eg. http://www.grc.com/
www-proxy please advise.
I've modified files/squid-2.5.9-gentoo.diff. Though it is a pertinent request, I don't perceive this as a security problem. At most, it could be perceived as a privacy issue. In my opinion, it should be marked as fixed.
Marked as fixed, in squid-2.5.9