I have a webpage and a little game server running on my own machine that is located at my work office.
The problem is that some people can't reach the webpage and game server, because of some network issues. The reasons are not the key, just take it (for almost all my community all things works fine, there just some troubles for a specific group).
So,
I have set up the test Droplet on Digital Ocean, with socks5 proxy installed.
https://github.com/hensly/socks5
And it all worked :) Clients that are restricted to connect directly are just using my proxy server to connect to the webpage or game server.
.
So my questions come up:
How can I limit my proxy to work only with certain IPs? Actually, I need only one IP - the IP of my server-pc, and that's it (the reserved (white) IP and domain name attached to it). Is there a way of such limitation on the proxy side? I just don't want them to use proxy for everything (mostly because there is not an unlimited Bandwidth and it could cost some extra).
Thanks <3
p.s. if you know other, more convenient ways to solve my problem, I'd appreciate it if you share your thoughts.
Related
we're beating our heads a bit with this problem of ours. We have a company headquarters with our own network and an external cloud with another network. We want to create a script that when our on-site network does not work, it must automatically use the proxy we created with Squid, which is obviously on the Cloud with another network. Our virtual machine on the cloud with Squid can be reached internally via Firewall. We need an automatic system that uses the proxy when the internet fails in our office, can you help me? I was studying the Pac files, but I understand little of them. If I could also apply it via policy it would be perfect, but I just need to solve at least the first point.
Thanks
Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recatpcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
_netblocks.google.com text =
nslookup -type=TXT _netblocks.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the network Google uses currently. These can change so check them often.
Google suggest allowing port 80 to all IPs outbound, this highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is an DMZ. Proxy aware trojans do exist. All that need to be done is exploit a vulnerability to execute arbitrary code and you can create reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP
A friend has a PC with access to the internet. I also have internet but I want to connect to the internet through my friend's computer, using his computer as a VPN, so that I can access websites blocked by my current ISP.
I know I can use logmein (For example) to control his PC and surf there, but I just need the ability to connect to his PC/network and surf through his internet, just like a VPN does.
my question is: what software / method can help us achieve this?
Note: he has dynamic i.p internet
Bypassing DNS blocks isn't that hard.
You can use Google DNS to reach about every site. You change your Domain Name Settings[*] to those of Google and you'll be able to visit TPB or other blocked sites.
If you want to work with a VPN, it'd be best if your friend sets his IP to static.
This way you can use the built-in VPN client in Microsoft to connect to him. Check out this tutorial on how to make a VPN on his pc and connect with it from yours.
[*] DNS-settings are needed to retreive an IP from your ISP. If you change them to Google DNS, you'll get an IP from Google and your DNS-lookups (when you surf to a site) will go via Google instead of via your ISP. This allowes you to bypass local DNS-blocks and some sites will load a few miliseconds faster.
I often visit various sites and like to do so anonymously from behind a proxy. However, it seems as if some websites are still able to detect my real IP address. I know this because they use the IP address to attempt to geolocate me for services.
How did they actually get my real IP Address if I am using a proxy?
How can I truly hide myself?
Most proxies you'll find online are so-called 'transparant proxies'. This means they identify themselves as proxy and even give your real IP-address to the site.
These proxies are commonly used to load pages on the proxy-server instead of your PC.
IP proxies won't protect you at all, to be honest.
What you need are VPN's (Virtual Private Networks) a.k.a. Network Tunnel.
VPN's allow you to do everything online via an external PC inside that network. You'll get that PC's IP and all loading etc happens on that PC.
Not all VPN's are undetected. If you always want to browse the web anonymously, you'll need to find some HQ VPN's (barely for free) and you'll need to change VPN frequently.
Try searching on HideMyAss, SecurityKISS, ... or maybe even the TOR-network
I have a strange problem, I just installed my php web site on a shared hosting, all services were working fine. But after configuring my app I just could visit my web site only once, other attempts gives:
"The server is taking too long to respond.".
But from other IP i can access, but only once, it seems all ip addressess beeing blocked after first visit(even ftp and other services get down, no access at all from the IP), can anyone help to explore this problem ? I don't think that it's my app problem, the app works fine on my local PC.
Thanks.
First thing to try would be a traceroute to determine where your traffic is being blocked.
In a windows command prompt:
tracert www.yoursharedhostingserver.com
At the moment, trying to access this address gives this:
Fatal error: Class 'mainController'
not found in
/home/myicms/public_html/core/application/crApplication.class.php
on line 181
I have tried it multiple times and it didn't block me. It might be that You have already solved this problem.
As far as I know, the behavior described by You could only be explained by a badly configured intelligent firewall. It may have been misconfigured by Your host.
If You visit a site at a certain host and suddenly You cannot access an ftp on this host, then it's either a (really bad) firewall or a (very mean) site that explicitly adds a firewall rule to ignore that address.
Some things that You might look into:
It might be something with identd too. What was the service You have configured on Your host? Was it by any chance any kind of server-controll panel (that might have an ability to controll a firewall)?
Is the blockade permanent, or does it go off after 24h, or does it only go off after rebooting the server? Does restarting some services makes the blockade go off?
Did You install any software that "protects Your server from portscanning"? It might be a bit too aggressive.
I wish You good luck in finding a source of this problem!
Chances are that if you can access it once that its actually working. The problem is more than likely in the php code than in the server.