Solved

Setting up a proxy server

Posted on 2008-10-17
Last Modified: 2013-12-15
I would like to set my US-based dedicated server up as a (password-protected!) proxy server to mask my real location (to websites that only allow U.S. traffic).

Does anyone know a decent, free, easy to set up proxy server software?

Thanks!

(CentOS-4.3-32)
Question by:GertoWS
LVL 88

Expert Comment

by:rindi
ID: 22747223
Squid is what normally gets used on Linux systems, and it is included in most distros.
0
 

Author Comment

by:GertoWS
ID: 22804471
Thanks, I have set up Squid 3.0, but am unsure which settings I need because this seems to do much more.

The only thing I need it for is for a proxy, it seems like it has tons of caching options etc, but I don't need that. Anyway, after trying it out of the box, when I set up my browser to use the proxy, I get the following message:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

I've tried to add the line "http_access allow MY_IP_ADDRESS" to the config file but that doesn't seem to work, it seems like it's set up by default to only allow access from local computers?

(in addition, I don't really want to set this up for my ip address since I have a dynamic ip address; a password or something would seem handy if possible)

Thanks!
0
 
LVL 88

Expert Comment

by:rindi
ID: 22804523
As I don't have much experience with configuring Squid, I'm afraid you'll have to read the diverse how-to's to get it configured, or hope someone else here replies. If you want, you can try using the "Request Attention" button.
0
 
LVL 20

Expert Comment

by:Gns
ID: 22805530
Take a look at the FAQ... It's really quite informative;-).
http://www.squid-cache.org/Versions/v3/3.0/cfgman/auth_param.html might be a good place to start reading...

Cheers
-- Glenn
0
 

Author Comment

by:GertoWS
ID: 22806439
I've increased the amount of points to 500.

I already spent several hours yesterday searching the FAQ and wiki, and I just spent another hour wading through the FAQ, forums, the wiki, ...

But no matter what I do, I keep on getting the "Access Denied." message.

Even if I set http_access and htcp_access to allow all.

Any ideas?
0
 
LVL 20

Expert Comment

by:Gns
ID: 22806824
Anything in the logs?
Almost sounds like you either aren't making the changes take effect, or are changing "the wrong file" :-).

Cheers
-- Glenn
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 22858304
Hey GertoWS, please post the output of the command. That command will get rid of comments and blank lines so we can see what your squid.conf looks like.

Anyway, I would say you need to open an ACL to allow your IP address.

But your squid should look like what I posted below.

To create the password file you can use this URL:
http://www.suretecsystems.com/our_docs/proxy-guide-en/htpasswd.html

Anyway, I have put an extract in the code snippet below.


egrep -v  "^\s*$|^\s*#" /etc/squid.conf
 
==8<===============================================
############################################################################
# Authentication extension
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
auth_param basic credentialsttl 1 hour
auth_param basic casesensitive on
authenticate_ip_ttl 1800 seconds
#############################################################################
# ACL's
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
#############################################################################
# Here you define what to do with accesses:
http_access allow all password
==8<===============================================
 
HOW TO CREATE THE PASSWORD FILE:
cd /etc/squid
# the file name must match the path given to ncsa_auth above (/etc/squid/passwd)
htpasswd -d -c passwd username
 
 
 
And that's all. Restart your squid and try it.


0
 

Author Comment

by:GertoWS
ID: 22976952
Thanks for the help (and sorry for the delay in getting back).
I've changed the path from your example command to "/etc/squid/squid.conf" because that's where AFAIK my conf file is (or am I changing the wrong file, as asked above???)

[code] egrep -v  "^\s*$|^\s*#" /etc/squid/squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
[/code]

As you see, basically I changed all instances of "DENY" to "ALLOW", which is not secure, but I just want to get it working first.

Then I restarted squid (/etc/rc.d/init.d/squid restart), and I always get the "proxy server rejected connection" error.

(I'm using port 3129 as proxy, because I was told this is the port squid listens to)

Also, I've noticed that if I load any of my own websites (hosted on this dedicated server I'm trying to set up as proxy), it works perfectly.
0
 

Author Comment

by:GertoWS
ID: 22976964
(apparently messed up the code part, sorry, second try:)
egrep -v  "^\s*$|^\s*#" /etc/squid/squid.conf
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid


0
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 500 total points
ID: 22977438
Hi GertoWS:

I messed up the path, but of course you found the valid conf file.

OK. If not told otherwise, squid listens on port 3128 and leaves port 3129 for ICP, which is used for other caches.

So, please try connecting to port 3128 from your browser.
0
 

Author Comment

by:GertoWS
ID: 22977969
Thanks, apparently that was my biggest problem. It's working now!

I also did some things to make it more anonymous and that seems to work.
One last problem: I'd like to make it secure now.

To start, I tried to set up the password with the code you provided, however then I get the connection refused error again.

Any suggestion how I should set this up with my browser? I was expecting it to ask me for a password.
(if you want me to set this up as a different question, feel free to ask)

Thanks for all the help!
Current conf attached
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
auth_param basic credentialsttl 1 hour
auth_param basic casesensitive on
authenticate_ip_ttl 1800 seconds
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow all password
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow all
 http_reply_access allow all
http_reply_access allow all
icp_access allow all
forwarded_for off
client_db off
                header_access Allow allow all
                header_access Authorization allow all
                header_access WWW-Authenticate allow all
                header_access Proxy-Authorization allow all
                header_access Proxy-Authenticate allow all
                header_access Cache-Control allow all
                header_access Content-Encoding allow all
                header_access Content-Length allow all
                header_access Content-Type allow all
                header_access Date allow all
                header_access Expires allow all
                header_access Host allow all
                header_access If-Modified-Since allow all
                header_access Last-Modified allow all
                header_access Location allow all
                header_access Pragma allow all
                header_access Accept allow all
                header_access Accept-Charset allow all
                header_access Accept-Encoding allow all
                header_access Accept-Language allow all
                header_access Content-Language allow all
                header_access Mime-Version allow all
                header_access Retry-After allow all
                header_access Title allow all
                header_access Connection allow all
                header_access Proxy-Connection allow all
                header_access All deny all
coredump_dir /var/spool/squid


0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 22978229
I see you duplicated the authentication section.

Try to comment lines 4-7 and to change line 41 from "allow" to "deny".
Also, lines 42 and 43 are repeated. Line 44 is not needed since you do not have a network of caches.

Also, all these "header_access" lines: comment them first and then, when everything is working, try again step by step.

You are introducing too many changes in each step to find the culprit if something fails.
0
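
Added example, not part of any post in this thread: a small Python check for the points raised in the comment above (duplicated auth_param lines, http_access allow rules that match without a password, and no closing "deny all"). SAMPLE_CONF is a constructed extract of the configuration posted earlier, and audit() is a hypothetical helper that inspects the rule text only; it does not emulate Squid's full ACL matching.

```python
from collections import Counter

# Constructed extract of the squid.conf posted in the thread (not the full file).
SAMPLE_CONF = """\
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80          # http
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm SQUID PASSWORD PROTECTED
acl password proxy_auth REQUIRED
http_access allow all password
http_access allow manager localhost
http_access allow  manager
http_access allow !Safe_ports
http_access allow localhost
http_access allow all
"""

ANY_SRC = {"all", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}  # source values meaning "everyone"

def audit(conf_text):
    """Return (open_allow_rules, duplicated_auth_params, ends_with_deny_all)."""
    acl_type, acl_vals, rules, auth_seen = {}, {}, [], Counter()
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop trailing comments, then tokenize
        if len(tok) < 3:
            continue
        if tok[0] == "acl":
            acl_type[tok[1]] = tok[2]
            acl_vals.setdefault(tok[1], set()).update(tok[3:])
        elif tok[0] == "auth_param":
            auth_seen[(tok[1], tok[2])] += 1
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))

    def restricts(name):
        # Only a positive proxy_auth ACL or a src ACL narrower than "everyone" limits who matches.
        if acl_type.get(name) == "proxy_auth":
            return True
        return acl_type.get(name) == "src" and not (acl_vals[name] & ANY_SRC)
    # An allow rule with no restricting ACL lets any client through without credentials.
    open_rules = [f"http_access allow {' '.join(acls)}" for act, acls in rules
                  if act == "allow" and not any(restricts(a) for a in acls)]
    dups = sorted(k for k, n in auth_seen.items() if n > 1)
    return open_rules, dups, bool(rules) and rules[-1] == ("deny", ["all"])

print(audit(SAMPLE_CONF))
```

Squid applies the first http_access rule that matches, so every rule the check reports can let a request through on its own even when an authenticated rule is listed above it.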
 

Author Closing Comment

by:GertoWS
ID: 31507185
Thank you very much
0
