A proxy server is a server which acts as an intermediary between endpoint devices, such as client machines, and other servers from which they request services or data. It operates by receiving requests from clients, forwarding these requests to the appropriate server, receiving the server’s response, and then sending this data back to the client. Proxy servers can function at various layers of the networking stack, including application-level proxies (HTTP proxies) and lower-level proxies (SOCKS proxies). Well there are many types of proxiy servers based on its usage.
Types and Applications of Proxy Servers
1. Forward Proxies: Forward proxies serve as an intermediary for requests from a client seeking resources from other servers. This can be used for purposes like improving security by masking the client’s IP address, filtering incoming and outgoing data, and caching content to improve access speeds. By the way we will concentrate much more on forward proxies in this post.
2. Reverse Proxies: Reverse proxies retrieve resources on behalf of clients from one or more servers. They aid in load balancing, distributing the network or application traffic across multiple servers to optimize resource usage, avoid overload, and ensure maximum uptime.
3. Transparent Proxies: Also known as inline proxies, these can intercept normal communication without requiring any special client configuration. They are often used by ISPs and enterprise networks for content filtering, bandwidth control, and caching.
4. Application-level Gateways (ALGs): These deep-packet inspection proxies operate at the application level and are capable of handling specific protocols such as HTTP, FTP, or SIP. They perform functions like URL filtering, content modification, and session management.
Use Cases of Proxy servers
Literly a proxy server alone can achieve the following goals. Lets try to explain it.
Cache Servers and Content Distribution Networks (CDNs)
Proxies can store copies of frequently accessed sites and use these cached versions to reduce loading times. That’s why Proxies used in CDNs can help to store cached copies of content closer to end users. This enhances access speeds by reducing latency and offloading traffic from the origin servers. Edge servers and parent-child hierarchies in cache servers optimize content delivery and balance loads across geographical locations.
Security Implications
Proxies play a critical role in security architecture, acting as an additional layer of defense through obfuscation, malware detection via deep packet inspection, and DDoS mitigation by absorbing and redistributing attack traffic. Or simply in none technical term, Proxies can hide your IP address, making your online activities more private.
Lets see how in real work the proxies are used. And actualy why companies, schools, universities, and even private individuals may use proxy servers, it’s essential to recognize their diverse benefits and applications. basically, Proxy provide an additional layer of security by filtering malicious content and preventing unauthorized access to internal networks.
Monitoring and Control
Proxy servers help trace users’ internet usage, ensuring appropriate use of resources that employees adhere to company/school/University policies and maintain productivity.
Content Filtering
Proxy servers can block access to social networking sites and other non-educational content on campus networks, helping to maintain a focused learning environment.
Anonymity and Privacy
By setting up a proxy server, individuals can hide their IP addresses, making their online activities more private and less susceptible to targeted advertising campaigns.
Understanding the Proxy server (squid) Setup
Before we put everything forward, let me explain what I plan to do through this tutorial and what I want to achieve and the end.
For demonstration purposes, we’ll be using Ubuntu 22.04, although other Linux distributions and proxy server software are available. We’ll use Squid Proxy because it can handle all the aforementioned tasks effectively, even though its configuration might be more complex compared to alternatives like Tinyproxy or Privoxy.
To help you understand what we are going to achieve at the end, I have prepared a diagram showing how a simple home network typically functions. In this setup, the client is either connected to the router via wired or wireless connections. The router, in turn, is connected to the ISP via cable, DSL, or any other available means.
Scenario
Normally, when a person wants to visit a website like awhadi.online through their devices, the request made from a mobile or computer is routed to the router, then through the router to the ISP, and finally in the cloud to the server where the site is hosted. In between, the ISP may store your search history 😉 to sell to advertising companies. Additionally, imagine your country has already blocked awhadi.online 😀 , which is hosted somewhere in Europe, while you live in Asia.
Imagine further: you want to block certain undesirable sites within your network to prevent your kids and family members from accessing them. Considering all these scenarios, we will set up a virtual server locally on a spare machine or in AWS, Azure, Google Cloud, or even Alibaba in the Europe region since your country has blocked our site, and you want to bypass the filter.
We will connect to the VPS through SSH and install Webmin and Squid, then configure Squid to filter inappropriate sites for our family and restrict the use of non-secure sites like HTTP, allowing only HTTPS. This setup not only enhances privacy but also ensures safer browsing for your family. and also make we would restrict browsing of some sites for learning purpose.
To simplify the process for those unfamiliar with command-line operations, we’ll install Webmin, a web-based interface for system administration. This will allow easy configuration of Squid Proxy through a GUI. However, for those comfortable with the command line, we will also cover the necessary changes via CLI. Finally, we will add the proxy configuration to the network settings of our devices and test if everything is working, ensuring our mission is accomplished.
By the end of this demonstration, you will understand how to set up and configure a Squid Proxy server on Ubuntu 22.04 to achieve various objectives, from monitoring and controlling network usage to enhancing online privacy.
Do not wast time and lets start.
Step 1: Connect to the VPS or any machine meant to be used as proxy server through ssh
ssh username@yourserver-ip You will be asked for password or key, Enter the password and press enter key.
Step 2: Install webmin
First, update the package index on your Ubuntu system:
sudo apt update sudo apt install software-properties-common apt-transport-https wget sudo sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'Add the GPG key to ensure the integrity of the Webmin repository and update the package index and install webmin
wget -q -O- http://www.webmin.com/jcameron-key.asc | sudo apt-key add - sudo apt update sudo apt install webminAfter the installation is complete, you can access Webmin through your web browser by navigating to http://your_server_ip:10000.
You will likely encounter a warning about the security certificate. You can ignore it and proceed to the Webmin login page. The default credentials are usually:
Username: root
Password: your system’s root password
That’s it! You should now have Webmin installed and accessible on your Ubuntu 22.04 server.
Step 3: Install Squid package
You can either install squid package through your ssh terminal or on the webmin UI, I prefer to do it the the terminal
sudo apt-get install squid #enable squid to start after system restart sudo systemctl enable squid #check if the squid service is running sudo systemctl status squidnormaly Squid configuration file is stored under the mention below path, we will edit is later either from the webmin panel or directly from the terminal
/etc/squid/squid.confStep 4: first time connect to proxy server and trace access log of the squid.
We have to get to the network setting, it differes based on your device. Say you are using Iphone, go to the wifi settings, to which you are currently connected. scrol down and select Configure proxy, select manual and Add the ip address and port which is 3124 default squid proxy port.
Try access a website, which you wont be able, but still you can see that the squid is blocking the request. And you not need to worry will be configure it later.
To check the log, get back to your ssh session, which is connected to the machine and type
sudo tail -f /var/log/squid/access.log Step 5: configuring the proxy restriction and add authentication for security
Enhance security by regularly updating the proxy software, implementing firewalls, employing SSL/TLS encryption for encrypted proxying, and log monitoring for intrusion detection capabilities. But we wont jump to that part, we will only use basic authentication for our proxy, we will setup it later. for now will create some acl to get access to deny access.
Lets see how the default acls looks in the configuration file
You can use nano in your ssh terminal to edit but to read you can use cat command
sudo nano /etc/squid/squid.conf Sudo cat /etc/squid/squid.conf Default acls acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http out of the box proxy restriction rules http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager include /etc/squid/conf.d/*.conf http_access allow localhost http_access deny allLets fix the browsing issue, after successful connection to the proxy server the server will act as man in the middle, will forward your request to the requests server, but before forwading squid let us restrict, which is good for the security. As you see we are not able to access the internet, its because the proxy simply restricts us due to default acls. To fix it we need to go to the squid configuration on the webmin and select access control, and later click on the proxy restriction and add new proxy restriction select ssh and set to allow, move it one step about all. Remember the sort of the restriction policy is very important, now go back to the squid dashboard, and click on the apply changes. Wait for a moment and go back to our device connected to the proxy and and try to access internet, but remember you will only be able to access sites with https and http request are still blocked which is good.
Finaly the proxy restriction rule will see like this on the config file
http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager include /etc/squid/conf.d/*.conf http_access allow localhost http_access allow SSL_ports http_access deny allTo confirm you can go back again to your ssh terminal and trace the log.
Or simply search for whats my ip address on google you will see the ip address of the vps/machine while connecting through proxy.
