Hosting a VPN on Heroku - heroku

I was wondering if it's possible to host a private VPN on Heroku?
My (hypothetical) use case is that let's say there's some service that's only available in Europe but I want to access it in the USA. I'd like to turn a European Heroku server into a personal VPN that just allows me to access that service.
I did some research and can't find anyone else who's tried/documented this.

You basically want a proxy. Heroku forbids running an open proxy, so you should restrict use.
XIX. Operate an “open proxy” or any other form of Internet proxy service that is capable of forwarding requests to any end user or third-party-supplied Internet host;
--https://www.heroku.com/policy/aup
But technically it is possible - you might want to try it: https://github.com/Rob--W/cors-anywhere. If you want to use the browser, you will need to download the headers from the server.js file.
Note that this project is not intended to be used as an open proxy, so for example relative paths are not loaded properly.
You might want to try it - it might be more appropriate, I just did not try it myself ... :)
https://github.com/http-party/node-http-proxy#setup-a-basic-stand-alone-proxy-server
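One way to restrict such a proxy to a single destination, as an added example that is not part of the answer or of either linked project: every requested URL is checked against a fixed allowlist before it is forwarded, so the proxy cannot reach an arbitrary user-supplied host. The host `service.example` and the names `ALLOWED_TARGETS` and `checkTarget` are assumptions.

```javascript
// Added example: destination allowlist for a personal forwarding proxy.
// "service.example" is a placeholder for the one upstream service you need.
const ALLOWED_TARGETS = new Set(["service.example"]);

// Returns { ok: true, url } for a permitted target, or { ok: false, reason }.
function checkTarget(rawUrl, allowed = ALLOWED_TARGETS) {
    let u;
    try {
        u = new URL(rawUrl); // WHATWG parser: lowercases the host, rejects relative URLs
    } catch (err) {
        return { ok: false, reason: "unparseable URL" };
    }
    if (u.protocol !== "https:") {
        return { ok: false, reason: "scheme not allowed" };
    }
    // "https://service.example@other.example/" has host other.example;
    // refuse userinfo outright instead of trusting a string prefix.
    if (u.username !== "" || u.password !== "") {
        return { ok: false, reason: "userinfo not allowed" };
    }
    if (u.port !== "") { // the default port 443 is normalised to ""
        return { ok: false, reason: "port not allowed" };
    }
    const host = u.hostname.replace(/\.$/, ""); // drop a trailing root dot
    if (!allowed.has(host)) {
        return { ok: false, reason: "host not on allowlist" };
    }
    return { ok: true, url: u.href };
}

// Constructed sample requests.
const SAMPLE_TARGETS = [
    "https://service.example/api/v1/items",
    "https://SERVICE.example:443/",
    "https://service.example@other.example/",
    "https://service.example.other.example/",
    "http://service.example/",
    "/relative/path",
];
for (const s of SAMPLE_TARGETS) {
    console.log(s, "->", JSON.stringify(checkTarget(s)));
}
```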

Related

Block web traffic from internet (public access)

I just configured an NGINX instance on the Jelastic platform.
In my environment's firewall inbound rules there are now a few default rules added.
With source All. (HTTP, HTTPS, ...)
I changed the source of these firewall rules to Local LAN.
So I expect that when I go to my Jelastic public URL in my browser on my own computer, I do not get a website but I'm blocked by the firewall.
This is not happening. I do not want the website to be used from the outside. This environment will host some REST APIs and workers running on the inside and only triggered by other environments I have.
Kind regards.
Roel
We recommend following this guide to disable access to your container (CT) from the outside: https://docs.jelastic.com/release-notes-59/#restrict-node-access-via-shared-load-balancer-slb
However, please keep in mind that you'll not be able to access this CT from another CT too.
UPDATE:
little clarification
If "Access via SLB" is disabled, the nodes within the layer are inaccessible via SLB (including the Open in Browser button in the dashboard) and return the 403 "Forbidden error" instead of the intended service. Herewith, access via the private network from the other nodes of the environment, access via SSH and access via endpoints from the public network is not affected.
We also want to draw your attention to the fact that the described feature is available from the Jelastic PaaS 5.9 release.

Hiding behind a proxy did not seem to work?

I often visit various sites and like to do so anonymously from behind a proxy. However, it seems as if some websites are still able to detect my real IP address. I know this because they use the IP address to attempt to geolocate me for services.
How did they actually get my real IP Address if I am using a proxy?
How can I truly hide myself?
Most proxies you'll find online are so-called 'transparent proxies'. This means they identify themselves as proxy and even give your real IP-address to the site.
These proxies are commonly used to load pages on the proxy-server instead of your PC.
IP proxies won't protect you at all, to be honest.
What you need are VPNs (Virtual Private Networks) a.k.a. Network Tunnel.
VPNs allow you to do everything online via an external PC inside that network. You'll get that PC's IP and all loading etc. happens on that PC.
Not all VPNs are undetected. If you always want to browse the web anonymously, you'll need to find some HQ VPNs (barely for free) and you'll need to change VPN frequently.
Try searching on HideMyAss, SecurityKISS, ... or maybe even the TOR-network
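What a site can read when a proxy forwards the client's address, as an added example that is not part of the answer: forwarding proxies commonly announce themselves in `Via` and pass the original address in `X-Forwarded-For`, `Forwarded` or `X-Real-IP`. The function names and the sample header values are constructed.

```javascript
// Added example: list the client addresses that proxy-added request headers disclose.

// Forwarded "for=" values may carry a port and bracketed IPv6: "[2001:db8::1]:4711".
function stripPort(node) {
    const v6 = /^\[([^\]]+)\](?::\d+)?$/.exec(node);
    return v6 ? v6[1] : node.replace(/:\d+$/, "");
}

function disclosedByProxy(headers) {
    const h = {};
    for (const [name, value] of Object.entries(headers)) {
        h[name.toLowerCase()] = String(value); // header names are case-insensitive
    }
    const addresses = [];
    // X-Forwarded-For: original client first, then each proxy that relayed the request.
    for (const part of (h["x-forwarded-for"] || "").split(",")) {
        if (part.trim()) addresses.push({ header: "x-forwarded-for", address: part.trim() });
    }
    // Forwarded (RFC 7239): for=192.0.2.60;proto=http, for="[2001:db8::1]:4711"
    const re = /\bfor=(?:"([^"]*)"|([^;,\s]+))/gi;
    let m;
    while ((m = re.exec(h["forwarded"] || "")) !== null) {
        addresses.push({ header: "forwarded", address: stripPort(m[1] !== undefined ? m[1] : m[2]) });
    }
    if (h["x-real-ip"]) {
        addresses.push({ header: "x-real-ip", address: h["x-real-ip"].trim() });
    }
    // A Via header alone already tells the site that a proxy is in the path.
    return { proxyAnnounced: "via" in h || addresses.length > 0, addresses };
}

// Constructed request headers (documentation address ranges only).
const SAMPLE_HEADERS = {
    "Host": "site.example",
    "Via": "1.1 proxy.example",
    "X-Forwarded-For": "198.51.100.7, 203.0.113.9",
    "Forwarded": 'for="[2001:db8::1]:4711";proto=http, for=192.0.2.60',
};
console.log(disclosedByProxy(SAMPLE_HEADERS));
```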

A script that downloads a file and renames it

I'm facing a little issue here. At the place I live, they shape the download speed by extension (using delaypool). Is there any script that I can run on my web that will let me enter the URL of files that I wanted to download, then it will download the file and rename it to "originalfilename.abc" (because .abc is not shaped), then save it on my web where I can download it. By the way, I have a paid webhosting service.
Thanks
I tried the SSH (my web hosting does indeed provide me with shell access) but all I get is a blank page in my browser. No error. Please advise.
Also, the reason I chose a script on the server instead of SSH is because I thought that SSH would be slower than direct HTTP download from my webserver. Can anyone point out if I'm right or wrong with my thinking?
Thanks
You can write a vbs script or even batch file script that will go to a designated URL, and then download the file, then rename it. Then you can script FTP commands to upload to your webhosting service (I'm sure it has an FTP site for access). You could load this as a scheduled task, or run it manually.
I'd do either one of these routes.
A simpler (once it's set up anyway ;) option I can think of is going through a secure tunnel. Whilst this is not quite answering your question I believe this to be simpler while achieving the same thing.
Get an SSH Client (Putty) and get a free Proxy. If your web-server has an SSH-server you can use it as Proxy as well of course, I am using my modified router at home as proxy via DynDns, but the Tor-Network will work, if very slow, so do other official free and paid proxy servers. If you are using an application to download that does not have the option to specify a proxy, get Proxifier Portable.
Use Putty to create the tunnel. Here some how-tos:
http://oldsite.precedence.co.uk/nc/putty.html
http://www.techrepublic.com/blog/security/use-putty-as-a-secure-proxy-on-windows/421
http://kimmo.suominen.com/docs/proxy-through-ssh/
And set your application to use your proxy (or actually to use putty which connects via SSH to your proxy) by entering 127.0.0.1:1080 into the proxy settings. Alternatively, if the app does not have an option to enter proxy settings, add 127.0.0.1:1080 to your Proxifier proxy list and add the applications that are supposed to use that connection to Proxifier.
Now you can do pretty much everything without anyone eavesdropping your connection stream being able to tell what it is, as the connection stream is SSH encrypted. This includes surfing websites that your provider/company/mother has blocked, download anything - even if blocked by IP/name/whatever-filters and even play MMORPGs from work (something which I do not recommend because it will get you fired and there is always some way for someone to figure it out, just saying it is possible to do even in secured company/school networks as Port 22 (SSH) is usually one of the 2 Ports which are open on pretty much any network (the other one being port 80)).
It's a wee bit of a pain to set up. Once it is working though, you can even put it on a usb-stick and use it pretty much anywhere as long as you remember what proxy to connect to. And you won't have to rewrite scripts to try to circumvent the delaypool thingy.

Steps to set up a proxy server

I want to set up a proxy server in our office. I have two proxy servers available, i.e. SQUID for Linux and WinProxy for Windows. I have the following requirements:
1. All the rules which I define in the proxy server, like blocking some specific sites etc., should work.
2. The "Evolution Mail Client" for Linux and "Outlook Express" for Windows should also work.
So, can you give me guidelines on how to achieve both tasks, especially no. 2?
Thanks in advance.
Squid is a very good option for a caching proxy. It has a configuration file to block some specific sites, IPs, domains... and to tell it which files it has to cache. Making a smart proxy is not easy. But you can find great configurations and tutorials on Google or in its wiki.
There are two ways for setting up a proxy:
Direct proxy: you have to manually configure every computer to use your proxy server.
This is the easiest option. I recommend using this.
Please note, computers that don't use the proxy can access all pages (even if they're blocked).
Transparent proxy: this is the most secure, ideal option for most cases (including yours). You have to configure your network and the proxy server to forward any requests to it. This is a hard option and very difficult to achieve in your case.
About your Evolution and Outlook problem, there can't be any problems related to the proxy, don't worry about that.

Switch firefox to use a different DNS than what is in the windows.host file

For example, I have a development site on a different server but I'm trying to copy content over from the live site so it'd be handy to have the live site in IE and the dev site in FF.
I tried FoxyProxy but I can't seem to get it to work.
I use this to override system's DNS with localserver
in about:config
change this value:
network.dns.forceResolve
network.dns.ipv4OnlyDomains
network.dns.localDomains
with IP address of local DNS server (for example 192.168.1.88)
Sorry for my english
It's now possible, with the DNS over HTTPS function:
Open Options, General, scroll to very bottom and open Network Settings,
On the very bottom, you can find DNS over HTTPS:
You had to use about:config before to change this setting, here's for documentation:
Type about:config in firefox address bar.
search for:
network.trr.uri
You can use one of the DNS servers below:
Cloudflare: https://cloudflare-dns.com/dns-query
Google: https://dns.google/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
And set network.trr.mode to 1
Hijacked from here:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
It appears from your question that you already have a second set of DNS servers available that reference the development site instead of the live site.
I would suggest that you simply run a standard SOCKS proxy either on that DNS server system or on a low-end spare system and have that system configured to use the development DNS server. You can then tell Firefox to use that proxy instead of downloading pages directly.
Doing it this way, the actual DNS lookups will be done on the proxy machine and not on the machine that's running the web browser.
DNS resolving is usually done at the system level and not at the application level, so you can't normally have one program use one dns and another program use a different dns. I'm not aware of any firefox extensions that allow you to use a different dns.
What about having different names for your dev and prod servers? That should avoid any confusions and you'd not have to edit the hosts file every time.
I am using the SwitchHost extension exactly for this problem:
https://addons.mozilla.org/en-US/firefox/addon/14258
It is easy to configure, and even more easy to switch hosts.
I wonder if you could write a custom rule for Fiddler to do what you want? IE uses no proxy, Firefox points to Fiddler, Fiddler uses custom rule to direct requests to the dev server...
http://www.fiddlertool.com/fiddler/
Since the HTTP proxy protocol is similar to the raw HTTP protocol, you can redirect desired traffic to your development server by telling Firefox it's a proxy server.
Two limitations:
A. This won't let you use https connections.
B. Some frameworks (e.g. WordPress) don't like this method and redirect the request the wrong way.
Just copy the following code into a .pac file (enter your site domain and IP address, of course), and switch development/production just by changing proxy configuration.
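function FindProxyForURL(url, host) {
    // Hosts to send through the development server (enter your own domain and IP address)
    var prox4site = {
        "mysite.com": "PROXY 10.0.1.100:80",
        "www.mysite.com": "PROXY 10.0.1.100:80"
    };
    // Every other host is fetched directly
    return prox4site[host] || "DIRECT";
}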
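A stricter variant of the PAC file above, as an added example that is not the answer's own code: it keeps the answer's placeholder hosts and proxy address, normalises the host name, leaves `https://` URLs direct because of limitation A, and gives the listed hosts no `DIRECT` fallback, so a dev server that is down produces an error instead of silently showing the live site. The names `DEV_PROXY` and `DEV_HOSTS` are assumptions.

```javascript
// Added example: dev/production switch as a PAC file.
// Host names and 10.0.1.100:80 are the placeholders used in the answer.
var DEV_PROXY = "PROXY 10.0.1.100:80";
var DEV_HOSTS = ["mysite.com", "www.mysite.com"];

function FindProxyForURL(url, host) {
    // Host names are case-insensitive and may arrive with a trailing root dot.
    var h = String(host).toLowerCase().replace(/\.$/, "");

    // Limitation A: only plain HTTP can be pointed at the dev server this way,
    // so https:// (and any other scheme) is left untouched.
    if (String(url).substring(0, 5).toLowerCase() !== "http:") {
        return "DIRECT";
    }

    // Exact comparison against an array: a host such as "constructor" cannot
    // hit an inherited object property, as it would with a plain object lookup.
    for (var i = 0; i < DEV_HOSTS.length; i++) {
        if (h === DEV_HOSTS[i]) {
            // No "; DIRECT" fallback on purpose: if the dev server is down the
            // request fails instead of quietly loading the live site.
            return DEV_PROXY;
        }
    }
    return "DIRECT";
}
```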
Go to options->Advanced->Network->Settings->Automatic proxy configuration url and enter 8.8.8.8. All your Mozilla traffic uses Google DNS now.
