Solved

How do I create a proxy server?

Posted on 2010-11-18
25
543 Views
Last Modified: 2012-05-10
I want to create a proxy server for the users who connect to my website.

I have a web server hosted in my LAN. I want to create a proxy server so that if anyone requests a web page from my web server, the request goes through the proxy server. Experts, can you tell me how I do this?

Note: I have installed a Squid proxy server inside the LAN for my clients, so whenever my clients connect to the internet the request goes through the Squid server.
Question by:network16
25 Comments
 
LVL 23

Expert Comment

by:savone
ID: 34169720
Squid is a proxy server; if your clients are going through it, you're done.
0
 

Author Comment

by:network16
ID: 34169731
But I need a proxy server for the users who connect to my web server from a remote location.
0
 
LVL 23

Expert Comment

by:savone
ID: 34169754
Is there a reason you would want to do this?  You can use the same proxy if you want, just open the ports on your firewall (port 80) and set the ACL on Squid.
0
 

Author Comment

by:network16
ID: 34169862
Because instead of connecting the client request every time to the web server, the request can be processed through the proxy server.
0
 

Author Comment

by:network16
ID: 34169874
Tell me how I make each incoming request go through the proxy server.
0
 
LVL 23

Accepted Solution

by:
savone earned 500 total points
ID: 34169895
Well basically you would just put the proxy in place of your web server.

Do you have a firewall in front of your web server?  For this example I will assume you do.

Let's say you have a firewall with an IP address of 1.1.1.1 (example of course) and it is forwarding requests on port 80 to your web server.

Make it forward the requests to your proxy instead. Then put ACLs in place to allow people to connect.

This is called a reverse proxy, here is a how to:
http://www.midgard-project.org/documentation/setting-up-squid-reverse-proxy/

0
 
LVL 23

Expert Comment

by:savone
ID: 34169900
And another one, interesting read....
http://www.visolve.com/squid/whitepapers/reverseproxy.php

0
 

Author Comment

by:network16
ID: 34169909
Thanks for your reply, I have got some idea, I will work on this. I have a built-in firewall in the router. I will check how to configure the ACL, and I have found some rules online. Below are the rules. My question is: do I need to write these rules on the web server, let's say if I have installed the proxy on the web server, or tell me if I need to install the proxy server on the other server.

SQUID is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects etc. By default it listens on TCP port 3128. The following iptables rules allow incoming SQUID client requests (open TCP port 3128) for server IP address 202.54.1.20:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 3128 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
0
 

Author Comment

by:network16
ID: 34171700
I redirected the port 80 requests to the proxy server, but I could not open the web page.
0
 
LVL 23

Expert Comment

by:savone
ID: 34176358
First off, is your Squid machine different than your web server?

If so, follow the directions in the second line I posted.

For example:

Let's say your Squid machine is 192.168.1.2
and your web server is 192.168.1.3


Set your squid.conf file like so:

http_port 80 # Port of Squid proxy
httpd_accel_host 192.168.1.3
httpd_accel_port 80 # Port of web server
httpd_accel_single_host on # Forward uncached requests to single host
httpd_accel_with_proxy on #
httpd_accel_uses_host_header off


Make sure your router is forwarding port 80 to your Squid machine.

0
 

Author Comment

by:network16
ID: 34177406
When I set the squid.conf as above, I am receiving the error parseconfigfile: line 925 unrecognized: "http_accel_host 192.168.1.3" and the same for all the above lines. Can you help me please, it's very urgent.
0
 
LVL 23

Expert Comment

by:savone
ID: 34177443
Did you change the IP address to the IP of your web server?  Don't use 192.168.1.3, you have to change that to your web server's IP address.
0

 

Author Comment

by:network16
ID: 34177640
Yes, I have changed the IP address to my web server's IP address.
0
 

Author Comment

by:network16
ID: 34200390
Any suggestions? I am getting the same error "error  parseconfigfile: line 925 unrecognized: "http_accel_host 192.168.1.3" for all the lines I have added as you mentioned.
0
 

Author Comment

by:network16
ID: 34204464
I have successfully made the changes in the squid.conf file, and I can restart the squid service.

But I could not start the httpd service when squid is started, and vice versa. I can open the web pages on the proxy server by using the http://localhost URL and retrieve the web pages which are on other servers.

But I cannot open them using the IP address of the proxy server. Experts, any suggestions?
0
 
LVL 23

Expert Comment

by:savone
ID: 34204896
Post your squid.conf file, and provide the following information:

IP address of your webserver.
IP address of your squid server.
0
 

Author Comment

by:network16
ID: 34207971
IP Address of my webserver  is 192.168.1.43
IP Address of my squid server is 192.168.1.76

example.com is my domain name

# Squid normally listens to port 3128
#http_port 3128
http_port 80
http_port 80 defaultsite=example.com vhost
#http_port 192.168.1.43:80 accel parent vhost defaultsite=www.example.com
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver
0
 

Author Comment

by:network16
ID: 34214934
I can browse the pages when I use http://localhost (I mean on 192.168.1.16), but when I use http://192.168.1.16 on my laptop, I get the message below.

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://192.168.1.16/

The following error was encountered:

    * Access Denied.

      Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.
Generated Tue, 07 Dec 2010 17:52:32 GMT by localhost.localdomain (squid/2.6.STABLE21)
0
 
LVL 23

Expert Comment

by:savone
ID: 34215121
Add in the first line of your squid.conf file:

acl all src 0.0.0.0/0.0.0.0


Then add this to the bottom:

http_access allow all

This will allow all traffic through your proxy.


0
 

Author Comment

by:network16
ID: 34215800
Yes, by adding "http_access allow all" it works, thanks for your reply. I have one more question: if I have more than one web server, what should my squid.conf file be?

http_port 80 defaultsite=example.com vhost
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver

Let me explain clearly.

I have a web server (192.168.1.43) and Squid (192.168.1.76), and I have a wiki on another server (192.168.1.223). My domain example.com is mapped to a public IP 12.13.15.16. So when I go to the URL www.example.com it is directed to 12.13.15.16, which in turn is directed to Squid, and the page is retrieved from the web server (192.168.1.43).

In the same way, when I go to the URL www.example.com/wiki it is redirected to the web server (192.168.1.43), but there is no wiki on this server. I made a directory wiki on the web server (192.168.1.43) with an index.html, using an a href to another IP address.

The IP address in the a href is a public IP address, 12.13.14.16, which is one of my five public IP addresses. So my question is: if we redirect 12.13.14.16 requests to the Squid server (192.168.1.76), how would the proxy server retrieve the page from the wiki server (192.168.1.223), and what should the changes in the squid.conf be?
0
 
LVL 23

Expert Comment

by:savone
ID: 34217321
You're really making me work for these points aren't you... :)

So let me see if I can get this for you...

I am not a squid professional by any means, but I think this config should work for you:

#CURRENT CONFIG
# Squid normally listens to port 3128
#http_port 3128

acl all src 0.0.0.0/0.0.0.0
acl wiki urlpath_regex ^/wiki

http_port 80
http_port 80 defaultsite=example.com vhost
#http_port 192.168.1.43:80 accel parent vhost defaultsite=www.example.com
http_port 192.168.1.43:80 vhost vport
cache_peer 192.168.1.43 parent 80 0 no-query originserver name=www.example.com
cache_peer_access www.example.com deny wiki

cache_peer 192.168.1.223 parent 80 0 no-query originserver name=wiki.example.com
cache_peer_access wiki.example.com allow wiki
cache_peer_access wiki.example.com deny all

http_access allow all
0
 

Author Comment

by:network16
ID: 34217454
Sorry for troubling you.

I am getting the following error:
Stopping squid: 2010/12/07 22:14:11| squid.conf, line 947: No cache_peer 'www.example.com'
2010/12/07 22:14:11| squid.conf, line 950: No cache_peer 'wiki.example.com'
2010/12/07 22:14:11| squid.conf, line 951: No cache_peer 'wiki.example.com'
0
 
LVL 23

Expert Comment

by:savone
ID: 34217917
You have to change wiki.example.com to the name of your server that holds the wiki,

and change www.example.com to the name of your server that has the web server running on it.

0
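The two sticking points in this thread, the `No cache_peer` parse error and the blanket `http_access allow all`, can both be checked before Squid is restarted. The lint below is an added example, not code from any poster or from the Squid project: `lint_squid_conf`, the ACL name `our_sites` and both sample configurations are constructed, and it covers only these two checks (a `cache_peer_access` name must match an earlier `cache_peer` given by `name=` or, if unnamed, by its hostname; and an `allow all` rule should not be reachable).

```python
# Constructed sample configs (not from the thread); the ACL name our_sites is hypothetical.
BROKEN = """\
acl all src 0.0.0.0/0.0.0.0
acl wiki urlpath_regex ^/wiki
http_port 80 defaultsite=example.com vhost
cache_peer 192.168.1.43 parent 80 0 no-query originserver
cache_peer_access www.example.com deny wiki
cache_peer 192.168.1.223 parent 80 0 no-query originserver
cache_peer_access wiki.example.com allow wiki
cache_peer_access wiki.example.com deny all
http_access allow all
"""
HARDENED = """\
acl all src 0.0.0.0/0.0.0.0
acl wiki urlpath_regex ^/wiki
acl our_sites dstdomain .example.com
http_port 80 accel defaultsite=example.com vhost
cache_peer 192.168.1.43 parent 80 0 no-query originserver name=www.example.com
cache_peer_access www.example.com deny wiki
cache_peer 192.168.1.223 parent 80 0 no-query originserver name=wiki.example.com
cache_peer_access wiki.example.com allow wiki
cache_peer_access wiki.example.com deny all
http_access allow our_sites
http_access deny all
"""

def lint_squid_conf(text):
    """Return [(line_number, message)]; directives are checked in file order, as Squid parses them."""
    peers, findings, deny_all_seen = set(), [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or full-line comment
        if tok[0] == "cache_peer" and len(tok) > 1:
            # A peer is addressed by its name= option, or by its hostname if unnamed.
            named = [t[5:] for t in tok[2:] if t.startswith("name=")]
            peers.add(named[0] if named else tok[1])
        elif tok[0] == "cache_peer_access" and len(tok) > 1:
            if tok[1] not in peers:
                findings.append((lineno, "No cache_peer '%s'" % tok[1]))
        elif tok[0] == "http_access":
            if tok[1:] == ["deny", "all"]:
                deny_all_seen = True  # later rules are never reached
            elif tok[1:] == ["allow", "all"] and not deny_all_seen:
                findings.append((lineno, "http_access allow all: any client may request any destination"))
    return findings

if __name__ == "__main__":
    print(lint_squid_conf(BROKEN), lint_squid_conf(HARDENED))
```

In the constructed HARDENED sample, requests are accepted only when the requested host falls under `.example.com`, and everything else hits `http_access deny all`.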
 
LVL 68

Expert Comment

by:Qlemo
ID: 34421437
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
