1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Make your own private elite proxy

Discussion in 'Proxies' started by fatboy, Oct 17, 2014.

  1. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Ok - off the back of the VPN in minutes post I made here a while ago, I thought I would throw up a how to on making an elite proxy using a CentOS VPS and Squid. This is a bit longer than the last post so what I put here is also available from my website (http://autoim.net/elite-squid-proxy-setup/) incase you need an easy bookmark.

    Here we go (this is a copy / paste job so hopefuly it goes right from my site!):

    Ok, we have already told you how to set up a VPN in minutes so how about another tutorial on how to set up your own elite proxy using CentOS and Squid. The proxy will be fully password protected so only authenticated users can use it.

    Please note that this tutorial is aimed at CentOS 64bit versions, we are using version 7 - this will work on other distros but you will have to alter the commands you use, for example instead of 'yum' on Debian you would use 'apt-get'.

    The proxy we set up for this tutorial was created on a Digital Ocean droplet. Mod Edit - Aff link removed

    Right, with that out of the way, fire up your VPS, log in via SSH and type the following:

    Firstly update the VPS and install the prerequisites for installing Squid
    Code:
    yum update
    yum install squid http-tools -y
    
    When everything has been updated and installed, we will need to clear out any old Squid configuration files, and set a blank file
    Code:
    rm -rf /etc/squid/squid.conf
    touch /etc/squid/squid.conf
    
    Now we will give Squid a basic configuration, allowing certain ports and ensuring that the password protection is set up. Where the config says port 3128, feel free to set that to anything you want, 3128 is just the default port used by Squid
    Code:
    echo -e "
    http_port 3128
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    
    acl SSL_ports port 443
    acl Safe_ports port 80        # http
    acl Safe_ports port 425       # smtp
    acl Safe_ports port 21        # ftp
    acl Safe_ports port 443       # https
    acl Safe_ports port 70        # gopher
    acl Safe_ports port 210       # wais
    acl Safe_ports port 1025-65535    # unregistered ports
    acl Safe_ports port 280        # http-mgmt
    acl Safe_ports port 488        # gss-http
    acl Safe_ports port 591        # filemaker
    acl Safe_ports port 777        # multiling http
    acl CONNECT method CONNECT
    
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access allow Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access allow localhost
    hierarchy_stoplist cgi-bin ?
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp:        1440    20%    10080
    refresh_pattern ^gopher:    1440    0%    1440
    refresh_pattern -i (/cgi-bin/|?) 0    0%    0
    refresh_pattern .        0    20%    4320
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_access
    auth_param basic childred 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    acl ncsaauth proxy_auth REQUIRED
    http_access allow ncsaauth
    forwarded_for off
    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Content-Language allow all
    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    request_header_access Proxy-Connection allow all
    request_header_access User-Agent allow all
    request_header_access Cookie allow all
    request_header_access All deny all" >> /etc/squid/squid.conf
    
    All that file does is allow certain ports to be used through the proxy, it tells the proxy you should be authenticated before you can browse through it and ensures that the proxy does not forward your real IP address with any requests.

    Right, the proxy is nearly set up but we have to set up some credentials for Squid to use to see if a user is allowed to browse via the proxy, so lets set up our first user. Just put any username and password you fancy in!
    Code:
    htpasswd -b -c /etc/squid/squid_access username password
    
    If you want to add further users, you don't have to use the -c flag which will create the file if it wasn't there, so just use
    Code:
    htpasswd -b /etc/squid/squid_access username password
    
    To make sure the proxy starts when your VPS starts, for example after you reboot, you need to switch the auto start on for it
    Code:
    chkconfig squid on
    
    Now you only have to restart the proxy
    Code:
    service squid restart
    
    You can now connect to your proxy using the IP of your VPS and the port you specified in the config file (if you didn't change it, the port is 3128)

    If you want to add extra ports to it, for example the cPanel control panel (port 2083), all you have to do is edit the squid.conf file, add the port, save the config file and restart

    To edit the config file
    Code:
    /etc/squid/squid.conf
    
    Scroll down until you see the line
    Code:
    acl CONNECT method CONNECT
    
    and just ABOVE it, give the port number you want. In this example we are adding the cPanel port 2083
    Code:
    acl Safe_ports port 2083
    
    Save the file and restart Squid
    Code:
    service squid restart
    
    You now have an elite, password protected proxy.

    If you have problems anywhere, feel free to contact Auto IM who will help where possible or use our proxy install service to let us do it all for you.

    If you get errors, use the following command to check out Squids report
    Code:
    systemctl status squid.service
    
    

    ** EDIT ** 19:05 BST - typo spotted in the config, now changed!
     
    • Thanks Thanks x 19
    Last edited: Oct 17, 2014
  2. DataBots

    DataBots Newbie

    Joined:
    Sep 23, 2013
    Messages:
    16
    Likes Received:
    3
    Why didn't this get more thanks??

    I haven't tried it but it seems like useful information.
     
    • Thanks Thanks x 1
  3. EpicApps

    EpicApps Junior Member

    Joined:
    Dec 2, 2013
    Messages:
    102
    Likes Received:
    18
    Location:
    Online
    Home Page:
    wow, nice post man. one question what If I wanted to make like 100 of these proxies?
     
    • Thanks Thanks x 1
  4. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,174
    Likes Received:
    2,222
    I love your posts, you should put them all on a website.
     
    • Thanks Thanks x 1
  5. TrevorB

    TrevorB Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 21, 2011
    Messages:
    1,185
    Likes Received:
    361
    Location:
    Canada
    That's a very good question. I would like to know also.
     
    • Thanks Thanks x 1
  6. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
  7. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Its the way of BHW :)

    Easiest thing is to buy 100 different VPSes. There is a way of running more than one Squid process per IP on a VPS, so if you have a VPS with 10 IP addresses that could be 10 proxies but to be honest its a pain in the ass to set up. I normally grab cheap VPSes and go for it :)

    I have started now - http://autoim.net is going to be the new site which will mix posts like this, some vulnerability posts and a few of my bots :)

    Thinking about it - AutoIM is like my brain dump :D
     
  8. aqibarif74

    aqibarif74 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 20, 2013
    Messages:
    1,851
    Likes Received:
    468
    Occupation:
    Founder of Aheadhost.com
    Home Page:
    Useful thread dude! will try soon :)
     
    • Thanks Thanks x 1
  9. saadad

    saadad Junior Member

    Joined:
    Feb 25, 2009
    Messages:
    168
    Likes Received:
    23
    Home Page:
    Thanks for this cool info. But this 1 proxy is then 5$ per month. Does someone know the cheapest VPS solution? And what can you do with 1 private proxie? Create 1 account?
     
  10. BigMoneyyy

    BigMoneyyy Power Member

    Joined:
    Feb 27, 2014
    Messages:
    644
    Likes Received:
    140
    Occupation:
    Internet Marketing
    Location:
    BHW
    Thanks. Great tutorial. What countries IP do you recommend for spam?
     
  11. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Depends where you look and what locations - I can probably set you up a proxy cheaper than $5 a month :)
    What you can do with it - anything you want really.....

    I don't do spamming so I wouldn't know. Apart from that unless you sign up to a hosting provider that doesn't care about spamming you will be shut down quite quickly anyway. I know that for any proxies I set up I tend to block email sending to protect myself, my servers and my pocket!
     
  12. burglar

    burglar Registered Member

    Joined:
    Feb 22, 2009
    Messages:
    62
    Likes Received:
    29
    Occupation:
    IM
    Location:
    USA
    Very nicely presented, FB. Thanks.

    I was using my own proxy a while back but have since switched hosting providers and kind of let it go. Since I was using it to avoid prying eyes, I more-or-less let my guard down (got lazy).

    Since I am running a VPS config just as you have tried, I will give this a shot.
     
    • Thanks Thanks x 1
  13. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    If you are using CentOS 7 I have hit a couple of 'funnies' using it today. Switched to the Debian version and nothing but smooth going.......I am a Debian guy at heart, should of stayed with it :D
     
  14. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Off the top of my head I can probably do 3 locations for the price of a $5 VPS.
    Will have to take a look at some figures so keep an eye on the website or even for a BST here if I get my shit together!!
     
  15. sanishan

    sanishan Newbie

    Joined:
    Mar 2, 2009
    Messages:
    24
    Likes Received:
    7
    Occupation:
    FreeLancer
    Location:
    Out of Space
    Well I have tried other proxy creating online methods multiple time everytime something wrong, right know i am looking for VPN solution "Fatboy" if you please let me know. I have a centos 6 and windows 2008 RS VPS
     
  16. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Search my name here - I did a how to on making a VPN in seconds using Debian, could be altered for Centos if you want to
     
  17. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,227
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Just another update - a lot of people have contacted me on how to set up multiple squid instances if you have a VPS with multiple IP addresses. I have the info ready and will be writing up a basic How-To in the next day or so if I get time.

    If I can I will also use the Debian script that I found (and posted) about to make it easy to set up multi-proxies.
     
  18. WestYorkshire786

    WestYorkshire786 Newbie

    Joined:
    Oct 20, 2014
    Messages:
    14
    Likes Received:
    1
    thanks that was so helpful
     
    • Thanks Thanks x 1
  19. MisterNick

    MisterNick Registered Member

    Joined:
    Oct 22, 2014
    Messages:
    54
    Likes Received:
    45
    Occupation:
    Programmer
    Location:
    Tbilisi,Georgia
    Very useful thread for me,will give it a shot.
     
    • Thanks Thanks x 1
  20. bimbimpr

    bimbimpr Junior Member Premium Member

    Joined:
    May 22, 2014
    Messages:
    100
    Likes Received:
    19
    Can u describe config to setup dedicated server with 100 and more ips? thx.