wlanboy
Content Contributer
Running a public proxy is quite a trouble-making decision. OK, it is not as dumb as posting your SSH credentials on Twitter, but please read the TOS of your provider first. Your hoster does not bite - talk with him/her.
Sometimes a restricted proxy can be useful too, e.g. to secure the internet connection of your children, or just to allow some friends to visit a defined set of webpages. So please do not run a public proxy.
Back to topic:
Every time I read a post about someone telling how good his blacklist is, I just start smiling. You cannot maintain a list of all bad words that should be filtered. In my opinion only a whitelist of allowed domains can really secure your internet connection.
Searching for an easy-to-configure HTTP-only proxy that supports whitelisting, you might find "tinyproxy".
Installation is simple:
apt-get install tinyproxy
Configuration is simple too (single file):
nano /etc/tinyproxy.conf
You should alter the following parameters:
- Listen
The IP address used by the proxy to accept connections.
E.g.: "Listen 127.0.0.1"
- Bind 192.168.0.1
The IP address used by the proxy to connect to the internet.
- MinSpareServers
MaxSpareServers
StartServers
Well, the minimum and maximum number of threads started by the proxy. Each thread can handle one request at the same time. StartServers is handling the number of threads that are started by the proxy without any requests. Default values are OK, but can consume too much RAM for a small VPS.
- Allow
The IP address of allowed clients.
E.g.: Allow 127.0.0.1 or Allow 192.168.0.0/16
This is quite important. Limit this to the IPs of the PCs using the proxy.
- ConnectPort 443
ConnectPort 563
To allow SSL connections.
- FilterExtended On
FilterURLs On
FilterDefaultDeny Yes
Filter "/etc/tinyproxy/whitelist"
So all requests will be denied except the ones defined in the filter file.
Now add the domains you want to allow:
nano /etc/tinyproxy/whitelist
Content like:
twitter.com
twimg.com
That's it.
If someone knows a way to force a desktop user to use a proxy (for Windows/Mac/Linux) just add a post with a small howto.
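An added example, not part of the original post: it checks how strictly the whitelist entries above match, comparing them with an anchored variant. It assumes tinyproxy treats each filter line as an unanchored, case-insensitive POSIX extended regex (FilterExtended On) matched against the request URL or CONNECT target (FilterURLs On); `grep -Ei` stands in for that matching, and the `strict` patterns, the `filter_allows` and `compare_whitelists` helpers and all request strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: tinyproxy treats every line of
# the filter file as an unanchored, case-insensitive POSIX extended regex when
# FilterExtended is On; grep -Ei stands in for that matching here.

WL_DIR=$(mktemp -d)

# Whitelist exactly as written in the post.
cat > "$WL_DIR/loose" <<'EOF'
twitter.com
twimg.com
EOF

# Anchored variant (constructed): optional scheme, optional subdomains,
# escaped dots, then an optional port and the end of the host part.
cat > "$WL_DIR/strict" <<'EOF'
^(https?://)?([a-z0-9-]+\.)*twitter\.com(:[0-9]+)?(/|$)
^(https?://)?([a-z0-9-]+\.)*twimg\.com(:[0-9]+)?(/|$)
EOF

# filter_allows FILE STRING: exit status 0 if any pattern line matches STRING.
filter_allows() {
    (
        while IFS= read -r pattern; do
            [ -n "$pattern" ] || continue
            if printf '%s\n' "$2" | grep -Eiq -- "$pattern"; then
                exit 0
            fi
        done < "$1"
        exit 1
    )
}

# Print the verdict of both whitelists for a set of constructed requests.
compare_whitelists() {
    for target in \
        'http://twitter.com/home' \
        'twitter.com:443' \
        'http://pbs.twimg.com/a.png' \
        'http://twitter.com.blocked.example/' \
        'http://blocked.example/?ref=twitter.com' \
        'http://twitterXcom.example/'
    do
        loose=deny; strict=deny
        filter_allows "$WL_DIR/loose" "$target" && loose=allow
        filter_allows "$WL_DIR/strict" "$target" && strict=allow
        printf '%-42s loose=%-5s strict=%s\n' "$target" "$loose" "$strict"
    done
}

compare_whitelists
```

Under the stated assumption, the plain entries also let through any URL that merely contains the domain text, so the anchored form is the one to put in the filter file; test it against your tinyproxy version before relying on it.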