How can make multiple outgoing ip address on squid proxy single server?
I have configured multiple IP as below in squid.conf file, but when I try to send request using by Proxy, it’s sending from primary IP of the server. I want to send request by virtual IP.
http_port 182.xx.xx.5:3131
http_port 182.xx.xx.6:3132
acl proxy1 src 182.xx.xx.5
acl proxy2 src 182.xx.xx.6
http_access allow proxy1
http_access allow proxy2
tcp_outgoing_address 182.xx.xx.5 proxy1
tcp_outgoing_address 182.xx.xx.5 proxy2
Please suggest me where I am wrong?
I have taken 2 Elastic IP’s in AWS EC2 and configured that to point to the instance, where i installed squid proxy. Now I need to install multiple proxy servers on same instance with different out going IPs.
Related
I have a strange problem wherein I am able to connect to an EC2 instance in a public subnet in AWS VPC using RDP and HTTP. However after successfully connecting to the instance through RDP, i am not able to connect to Internet (from the instance).
a) I created a non-default AWS VPC and associated an IGW to it. The address range of VPC is 10.0.0.0/16. A subnet with the address space 10.0.5.0/24 was created
c) In order to make the subnet public, i decided to retain the Main Route Table as it is and created an additional Route table with the following entries
10.0.0.0/16 local
0.0.0.0/0 igw
d) This route table was associated with the subnet 10.0.5.0/24. This makes it a public subnet
e) The NACL is set to allow:
INBOUND traffic HTTP(80),HTTPS(80),SSH(22), RDP(3389) for IPV4 and NACL
outbound traffic ALL TRAFFIC ALL PROTOCOL ALL PORT Range Destination 0.0.0.0/0
f) The security group settings are:
Inbound All traffic All All 0.0.0.0/0
Outbound All traffic All All 0.0.0.0/0
g) I created a single EC2 instance in the public subnet and assigned a Elastic EIP to it. I am able to connect to this using RDP and able to access the IIS Welcome page by typing the public DNS name of the EC2 in my local browser. However, from the instance when i open IE and try accessing any popular websites i am not able to access the Internet. I always get a 'Can't reach this page'
h) I disabled Windows Firewall and tried accessing Internet. But still it didnt work.
i) The tracert output just shows Request timed Out in all the lines.
Any help would be appreciated.
Thanks and Regards
Govind
First, verify that the following conditions are met:
The route table in the instance’s subnet has a default route to an
internet gateway. The security group attached to the instance’s
elastic network interface must allow outbound traffic on the following
ports: Port 80 for HTTP traffic Port 443 for HTTPs traffic Identify
the network access control lists (ACLs) that are associated with the
subnet that the instance is located on. These network ACLs must have
rules to allow inbound and outbound traffic on ports 80 and 443.
You don't need to open all the ports to enable outgoing web traffic.
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-connect-internet-gateway/
Finally i was able to fix this issue. I added
ALL TCP TCP (6) 0 - 65535 0.0.0.0/0 ALLOW
as an INBOUND rule in NACL. Immediately i was able to access the Internet from the browser in Ec2 instance.
However i am not convinced that all the ports should be opened to use browser on an EC2 instance in the public subnet. Is there a better way to do this ?
Can i consider setting up a Forward Proxy server as a solution for browser based outgoing traffic as in this case ? Please suggest
I'm using tinyproxy to reverse proxy. I have three subdomains pointed to the same server, and we need them to point to specific ports internally. That is, port 80 from any particular subdomain, mapped to a particular port. See the config example below.
The config looks like this:
Port 80
#Allow 127.0.0.1
#ReverseOnly yes
upstream 127.0.0.1:8115 "website.example.com"
upstream 127.0.0.1:3000 "api.example.com"
upstream 127.0.0.1:9000 "socket.example.com"
When I pull up any subdomain, all I get is:
Access denied
The administrator of this proxy has not configured it to service requests from your host.
Generated by tinyproxy version 1.8.3.
I cannot find adequate documentation anywhere. I'm thinking of contacting the maintainers. Please help.
I hope you already got the answer, but if you have not, here is the setting to allow client connecting to your proxy:
#
# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1
#Allow 192.168.0.0/16
#Allow 172.16.0.0/12
#Allow 10.0.0.0/8
Allow 0.0.0.0/0
In my example here, I allow 0.0.0.0/0 because I'm configuring a reverse proxy from the Internet to my other VPS.
Also, your configuration above is for forward proxy, not reverse proxy.
To enable reverse proxy function, you need at least the following:
ConnectPort 80
ConnectPort 443
ReversePath "/" "http://<your server IP>:8080/"
ReverseOnly Yes
ReverseMagic Yes
Is there any way I can set up squid3 to reroute traffic through multiple other servers in order to get a random ip address for each request?
I have a EC2 linux instance with a tomcat webapp (uses spring mvc) running on port 8081. There is no load balancer in place. I've setup the instance security group on the aws console to open up port 80. And on the ec2 inststance, I'm routing requests from port 80 to 8081 by doing
sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081
I need to access client's ip address (to determine their country). And so I'm looking for the x-forwarded-for and x-real-ip headers in the HttpServletRequest object.
The following always returns null when running on ec2, but returns valid values when running the same webapp on my local machine (and accessing via public ip using ngrok).
request.getHeader("x-forwarded-for") or request.getHeader("x-real-ip")
Is there any additional setup to be done on the AWS console or the EC2 instance to get the headers in the webapp? Or is the iptables routing messing up with the headers?
In the case of your local testing, it's actually the ngrok.com service that's adding the X-Real-Ip and X-Forwarded-Proto headers, see this comment from the creator for instance.
In your EC2 deployment, these headers might be added by a load balancer or reverse proxy, such an ELB, if you had one in place, but you state there is none.
In this case, you would need to look at the request's source IP address to determine its origin.
For development, you could do something like
request.getHeader("x-forwarded-for") or request.getRemoteAddr()
but this would leave you vulnerable to clients spoofing the X-Forwarded-For header. You should only trust these headers if the true remote address of the request is a reverse proxy or load balancer that you trust, such as one you control or a partner if you're using a CDN or third party DDoS protection.
I have the following Squid config on my server
http_access deny CONNECT !SSL_ports
If I connect to facebook use my server as proxy
curl -L 'https://facebook.com' -x 'myserver'
The request is denied, error message is TCP_DENIED/403,
but if I change the setting to
http_access allow CONNECT SSL_ports
It works.
As the Squid document said,
http_access deny CONNECT !SSL_ports
allows connect only through the SSL_ports. Why this setting denies my request?
The, ACL CONNECT will identify all the requests with the HTTP method CONNECT.
Now, let's see Squid's default configuration for using the CONNECT method:
acl SSL_ports port 443
http_access deny CONNECT !SSL_ports
By default, Squid will allow the CONNECT HTTP method only for SSL port 443, which is the
standard port for HTTPS communication. Again, we should go with the default configuration
and add more ports to the SSL_ports ACL as the need arises.