Solved

How do I create a proxy server

Posted on 2010-11-18
Last Modified: 2012-05-10
I want to create a proxy server for the users who connect to my website.

I have a webserver hosted in my LAN. I want to create a proxy server so that if anyone requests a webpage from my web server, the request goes through the proxy server. Experts, can you tell me how I do this?

Note: I have installed a Squid proxy server inside the LAN for my clients, so whenever my clients connect to the internet the request goes through the Squid server.
Question by:network16
25 Comments
 
LVL 23

Expert Comment

by:savone
ID: 34169720
Squid is a proxy server; if your clients are going through it, you're done.
0
 

Author Comment

by:network16
ID: 34169731
But I need a proxy server for the users who connect to my webserver from a remote location.
0
 
LVL 23

Expert Comment

by:savone
ID: 34169754
Is there a reason you would want to do this? You can use the same proxy if you want, just open the ports on your firewall (port 80) and set the ACL on Squid.
0
 

Author Comment

by:network16
ID: 34169862
Because instead of connecting the client request every time to the web server, the request can be processed through the proxy server.
0
 

Author Comment

by:network16
ID: 34169874
Tell me how I get each incoming request to go through the proxy server.
0
 
LVL 23

Accepted Solution

by:
savone earned 500 total points
ID: 34169895
Well basically you would just put the proxy in place of your web server.

Do you have a firewall in front of your web server?  For this example I will assume you do.

Let's say you have a firewall with an IP address of 1.1.1.1 (example of course) and it is forwarding requests on port 80 to your webserver.

Make it forward the requests to your proxy instead. Then put ACLs in place to allow people to connect.

This is called a reverse proxy, here is a how to:
http://www.midgard-project.org/documentation/setting-up-squid-reverse-proxy/

0
 
LVL 23

Expert Comment

by:savone
ID: 34169900
And another one, interesting read....
http://www.visolve.com/squid/whitepapers/reverseproxy.php

0
 

Author Comment

by:network16
ID: 34169909
Thanks for your reply, I have got some idea, I will work on this. I have a built-in firewall in the router. I will check how to configure the ACL, and I have found some rules online. Below are the rules. My question is: do I need to write these rules on the webserver, let's say if I have installed the proxy on the web server, or tell me if I need to install the proxy server on another server.

SQUID is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects etc. By default it listens on TCP port 3128. The following iptables rules allow incoming SQUID client requests (open TCP port 3128) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 3128 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
0
 

Author Comment

by:network16
ID: 34171700
I redirected the port 80 requests to the proxy server, but I could not open the web page.
0
 
LVL 23

Expert Comment

by:savone
ID: 34176358
First off, is your Squid machine different than your web server?

If so follow the directions in the second line I posted.

For example:

Let's say your Squid machine is 192.168.1.2
and your webserver is 192.168.1.3


Set your squid.conf file like so:

http_port 80 # Port of Squid proxy
httpd_accel_host 192.168.1.3
httpd_accel_port 80 # Port of web server
httpd_accel_single_host on # Forward uncached requests to single host
httpd_accel_with_proxy on #
httpd_accel_uses_host_header off


Make sure your router is forwarding port 80 to your Squid machine.

0
 

Author Comment

by:network16
ID: 34177406
When I set the squid.conf as above I am receiving the error parseconfigfile: line 925 unrecognized: "http_accel_host 192.168.1.3" and the same for all the above used lines. Can you help me please, it's very urgent.
0
 
LVL 23

Expert Comment

by:savone
ID: 34177443
Did you change the IP address to the IP of your webserver? Don't use 192.168.1.3, you have to change that to your web server's IP address.
0
 

Author Comment

by:network16
ID: 34177640
Yes, I have changed the IP address to my web server's IP address.
0
 

Author Comment

by:network16
ID: 34200390
Any suggestions? I am getting the same error "error  parseconfigfile: line 925 unrecognized: "http_accel_host 192.168.1.3" for all the lines I have added as you mentioned.
0
 

Author Comment

by:network16
ID: 34204464
I have successfully made the changes in the squid.conf file, and I can restart the squid service.

But I could not start the httpd service when squid is started, and vice versa. I can open the webpages on the proxy server by using the http://localhost URL and retrieve the webpages which are on other servers.

But I cannot open them using the IP address of the proxy server. Experts, any suggestions?
0
 
LVL 23

Expert Comment

by:savone
ID: 34204896
Post your squid.conf file, and provide the following information:

IP address of your webserver.
IP address of your squid server.
0
 

Author Comment

by:network16
ID: 34207971
IP Address of my webserver  is 192.168.1.43
IP Address of my squid server is 192.168.1.76

example.com is my domain name

# Squid normally listens to port 3128
#http_port 3128
http_port 80
http_port 80 defaultsite=example.com vhost
#http_port 192.168.1.43:80 accel parent vhost defaultsite=www.example.com
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver
0
 

Author Comment

by:network16
ID: 34214934
I can browse the pages when I use http://localhost (I mean on 192.168.1.16), but when I use http://192.168.1.16 on my laptop, I get the below message:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://192.168.1.16/

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.
Generated Tue, 07 Dec 2010 17:52:32 GMT by localhost.localdomain (squid/2.6.STABLE21)
0
 
LVL 23

Expert Comment

by:savone
ID: 34215121
Add in the first line of your squid.conf file:

acl all src 0.0.0.0/0.0.0.0


Then add this to the bottom:

http_access allow all

This will allow all traffic through your proxy.


0
 

Author Comment

by:network16
ID: 34215800
Yes, by adding "http_access allow all" it works, thanks for your reply. I have one more question: if I have more than one web server, what should my squid.conf file be?

http_port 80 defaultsite=example.com vhost
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver

Let me explain clearly.

I have a webserver (192.168.1.43) and Squid (192.168.1.76), and I have a wiki on another server (192.168.1.223). My domain example.com is mapped to a public IP, 12.13.15.16. So when I go to the URL www.example.com it is directed to 12.13.15.16, which in turn is directed to Squid, and the page is retrieved from the webserver (192.168.1.43).

In the same way, when I go to the URL www.example.com/wiki it is redirected to the webserver (192.168.1.43), but there is no wiki on this server. I made a directory wiki on the webserver (192.168.1.43) with an index.html, using an ahref to another IP address.

The IP address in the ahref is a public IP address, 12.13.14.16, which is one of my five public IP addresses. So my question is: if we redirected 12.13.14.16 requests to the Squid server (192.168.1.76), how would the proxy server retrieve the page from the wiki server (192.168.1.223), and what should the changes in the squid.conf be?
0
 
LVL 23

Expert Comment

by:savone
ID: 34217321
You're really making me work for these points, aren't you... :)

So let me see if I can get this for you...

I am not a squid professional by any means, but I think this config should work for you:

#CURRENT CONFIG
# Squid normally listens to port 3128
#http_port 3128

acl all src 0.0.0.0/0.0.0.0
acl wiki urlpath_regex ^/wiki

http_port 80
http_port 80 defaultsite=example.com vhost
#http_port 192.168.1.43:80 accel parent vhost defaultsite=www.example.com
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver name=www.example.com
cache_peer_access www.example.com deny wiki

cache_peer 192.168.1.223 parent 80 0 no-query originserver name=wiki.example.com
cache_peer_access wiki.example.com allow wiki
cache_peer_access wiki.example.com deny all

http_access allow all
0
 

Author Comment

by:network16
ID: 34217454
Sorry for troubling you.

I am getting the following error:
Stopping squid: 2010/12/07 22:14:11| squid.conf, line 947: No cache_peer 'www.example.com'
2010/12/07 22:14:11| squid.conf, line 950: No cache_peer 'wiki.example.com'
2010/12/07 22:14:11| squid.conf, line 951: No cache_peer 'wiki.example.com'
0
 
LVL 23

Expert Comment

by:savone
ID: 34217917
You have to change wiki.example.com to the name of your server that holds the wiki,

and change www.example.com to the name of your server that has the web server running on it.

0
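
Added example (not part of the thread, and not Squid's own tooling): a small Python linter for three squid.conf problems this thread runs into, namely Squid 2.5 `httpd_accel_*` directives that 2.6 reports as unrecognized, a `cache_peer_access` line naming a peer that no earlier `cache_peer` line defines, and `http_access allow all`, which lets every request past Squid's access check regardless of the site it asks for. Both sample configs are constructed from the thread's addresses; the ACL name `our_sites`, the peer name `web` and the finding labels are assumptions.

```python
import re

LEGACY = re.compile(r"^httpd_accel_")  # Squid 2.5 accelerator directives, rejected by 2.6+

def lint_squid_conf(text):
    """Return [(line_no, finding)] for a reverse-proxy squid.conf given as a string."""
    open_acls, peers, findings, denied = set(), set(), [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # treat '#' as the start of a comment
        if len(tok) < 2:
            continue
        if LEGACY.match(tok[0]):
            findings.append((no, "legacy-accel-directive"))
        elif tok[0] == "acl" and tok[2:3] == ["src"]:
            if any(v.startswith("0.0.0.0/0") for v in tok[3:]):
                open_acls.add(tok[1])        # ACL that matches every client address
        elif tok[0] == "cache_peer":
            # A peer is addressed by name= when given, otherwise by its hostname
            peers.add(next((t[5:] for t in tok if t.startswith("name=")), tok[1]))
        elif tok[0] == "cache_peer_access" and tok[1] not in peers:
            findings.append((no, "undefined-cache-peer:" + tok[1]))
        elif tok[0] == "http_access":
            if tok[1] == "deny":
                denied = True                # an earlier deny may narrow later allows
            elif not denied and tok[2:] and all(a in open_acls for a in tok[2:]):
                findings.append((no, "unrestricted-http_access"))
    return findings

# Constructed sample combining fragments posted in the thread
WEAK = """\
acl all src 0.0.0.0/0.0.0.0
http_port 80 defaultsite=example.com vhost
httpd_accel_host 192.168.1.43
cache_peer 192.168.1.43 parent 80 0 no-query originserver
cache_peer_access www.example.com allow all
http_access allow all
"""

# Constructed sample: access limited to the accelerated site, everything else denied
HARDENED = """\
acl all src 0.0.0.0/0.0.0.0
acl our_sites dstdomain .example.com
http_port 80 accel defaultsite=www.example.com vhost
cache_peer 192.168.1.43 parent 80 0 no-query originserver name=web
cache_peer_access web allow our_sites
http_access allow our_sites
http_access deny all
"""
```

The unrestricted-access check is a heuristic: it only reports an allow-everything rule when no `http_access deny` line precedes it, because Squid stops at the first matching rule.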
 
LVL 69

Expert Comment

by:Qlemo
ID: 34421437
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
