Using Squid to forward traffic to specific IP address - proxy

I have an issue I can't seem to figure out how to solve. I am thinking of using Squid for this but am not 100% sure how to configure it. A developer is writing a script that will request an XML file from a secure web server.
The script will live in a cloud-based application and will send the request for this XML file to the web server. The script will then translate the XML file content into readable data using API calls and present it to the user in the application.
The problem is the following:
The application server (A) is load balanced and the IP address may not always be the same. We do not own this app server; we only have access to APIs.
The web server (B) that owns the XML is behind a firewall and it has to specify the incoming IP address allowed to access this content.
I am thinking I would have to configure reverse proxy on Squid that will receive the script/request from any IP address (preferably from the application servers only) and would have to forward the exact request to the IP address of the Web server that owns the XML file.
This means that I would have to specify the IP address of the proxy server rather than the web server in the script and somehow allow the proxy server to know it needs to forward it to the web server.
I'm not sure how to do this securely, since in this scenario ANY external IP address coming to the proxy server will be forwarded over.
(A) App server ======> Squid Proxy =======> (B) Webserver
I hope this makes sense. Thank you so much in advance for your help.

Related

How a dns proxy works? (smart dns)

I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, the client asks for the IP address of restricted.test and the DNS server knows it is a restricted website, so instead of giving the direct IP of the website, it gives its own proxy address p.p.p.p to the client.
Please correct me if I'm wrong so far, but when the client tries to connect to p.p.p.p, how does the proxy server know which website the client wants to go to?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
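A small PAC file for the restricted.test case from the question, as an added example that is not part of the original answer. The proxy address 192.0.2.10:3128 is a constructed placeholder standing in for p.p.p.p, and `hostInDomain` is a hypothetical helper written in plain JavaScript so the file does not depend on browser-supplied PAC functions.

```javascript
// Constructed values: the proxy address and the domain list are placeholders.
var PROXY = "PROXY 192.0.2.10:3128";
var PROXIED_DOMAINS = ["restricted.test"];

// True when host is the domain itself or a subdomain of it.
// A bare suffix comparison would also match "notrestricted.test",
// so the match requires a dot boundary.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  domain = domain.toLowerCase();
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(host.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request it is about to make.
function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) {
      // No "; DIRECT" fallback here: if the proxy is unreachable the
      // request fails instead of silently going out unproxied.
      return PROXY;
    }
  }
  return "DIRECT";
}
```
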

How to use server IP as proxy

I have full access to a server which is located in some other country. My IP address has been blocked by a website and I need to use my server IP as a proxy to access that particular website. I tried out the server IP address in LAN Settings -> Use Proxies in my Chrome browser, but I am unable to access the internet when I use that IP. How can I do this?
Just entering the server address on client side isn't sufficient. You need to set up your server to behave as a proxy server using something like squid or other alternative.

No 'Access-Control-Allow-Origin' issue, despite all resources being on same domain

I am writing a javascript/strophejs xmpp client, and have been so far using it to connect to a xmpp server hosted at hosted.im, via a public BOSH service (http://bosh.metajack.im:5280/xmpp-httpbind). The html/javascript is also hosted online, at testserver.host56.com (not the real url).
Now, I decided to host the xmpp server on the amazon web cloud, and use my own Bosh service, hosted on this server as well.
Now, my ec2 instance is at myAWSDNS.us-west-2.compute.amazonaws.com (also not real url).
I also have a BOSH service up and running, at myAWSDNS.us-west-2.compute.amazonaws.com:7070.
Finally, I have also allowed traffic to this ec2 instance through both the instance's firewall and the AWS Security Group policy.
However, when trying to connect to this instance's xmpp server (openfire), using my JS/strophejs client, I get the following message in the Chrome javascript console:
XMLHttpRequest cannot load http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myAWSDNS.us-west-2.compute.amazonaws.com' is therefore not allowed access
Why am I getting this issue, if the origin is on the same domain as the requested resource?
The Ec2 instance is running Windows Server 2012.
This is the code I use to log in:
var conn = new Strophe.Connection("http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/");
conn.connect("chris#myAWSDNS.us-west-2.compute.amazonaws.com", "myPassword", somecallback);
Thanks,
best regards,
Chris
As previously mentioned, even if you're on the same domain, the ports must also match otherwise CORS is required.
You may not be using the correct URL for your connection manager, all of the ones I've seen use an address ending in /http-bind/ or similar.
Have you tried connecting with Strophe.Connection("http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/http-bind/");?
Also, you can test for the presence of the crossdomain.xml file by simply visiting http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/crossdomain.xml to ensure that CORS has been successfully enabled.
The browser will not allow it since the ports are different. I don't know what you have at AWS, but you can proxy the request in both directions, like this:
http://myAWSDNS.us-west-2.compute.amazonaws.com/http-bind/ <---------> http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/
See item no 5: Connecting with Strophe.js of the tutorial for Apache use case.
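The origin comparison behind the answers above, as an added example that is not code from the original posts: a simplified model of the check a browser applies before letting a page read an XHR response. The page path `/client.html` and the header objects are constructed inputs, and `browserAllowsRead` is a hypothetical name.

```javascript
// An origin is scheme + host + port. URL.origin omits default ports,
// so "http://host" (port 80) and "http://host:7070" are different origins.
function originOf(url) {
  return new URL(url).origin;
}

// Simplified model of the browser's decision for a non-preflighted request.
// responseHeaders: object keyed by lower-case header name (constructed).
function browserAllowsRead(pageUrl, requestUrl, responseHeaders, withCredentials) {
  var pageOrigin = originOf(pageUrl);
  if (pageOrigin === originOf(requestUrl)) return true; // same origin: no CORS check
  var acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) return false; // the console error quoted in the question
  if (withCredentials) {
    // With credentials the wildcard is rejected: the header must name the
    // exact origin and Access-Control-Allow-Credentials must be "true".
    return acao === pageOrigin &&
           responseHeaders["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// Hostnames from the question; the page path is constructed.
var PAGE = "http://myAWSDNS.us-west-2.compute.amazonaws.com/client.html";
var BOSH = "http://myAWSDNS.us-west-2.compute.amazonaws.com:7070/http-bind/";
var PROXIED = "http://myAWSDNS.us-west-2.compute.amazonaws.com/http-bind/";
```

Serving the BOSH endpoint under the page's own origin (the `PROXIED` URL) avoids the check entirely, which is what the reverse-proxy suggestion above achieves.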

Getting user's IP through Load Balancer and HTTPS

My app is hosted on multiple servers through a Load Balancer and requires HTTPS at all times.
So, now I have a real challenge grabbing the client's IP. I've set up a server to do this where I run an AJAX call to another non-balanced server that returns their IP as a JSONP string. Unfortunately that server gets bombarded and slows down web sites.
Can anyone recommend a better way to do this?

How does proxy bypass firewall filter?

I am wondering how the proxy will bypass the content filter within firewall?
For example, if you are in China and try to connect to facebook, the GFW will block it. But if you use proxy server, then you can connect through. What is the logic here?
Thanks,
The Firewall blocks the web address from being accessed. A proxy has a different web address and is therefore accessible. However, the proxy is able to access the web address as it is outside the firewall. It sends the HTML code from the webpage to be accessed to your computer.
Think of the proxy as a middleman. It gets you what you want and then sends it to you, without you ever accessing the webpage directly and alerting the firewall.
