Make your own private elite proxy

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Ok - off the back of the VPN in minutes post I made here a while ago, I thought I would throw up a how-to on making an elite proxy using a CentOS VPS and Squid. This is a bit longer than the last post so what I put here is also available from my website (http://autoim.net/elite-squid-proxy-setup/) in case you need an easy bookmark.

Here we go (this is a copy / paste job so hopefully it goes right from my site!):

Ok, we have already told you how to set up a VPN in minutes so how about another tutorial on how to set up your own elite proxy using CentOS and Squid. The proxy will be fully password protected so only authenticated users can use it.

Please note that this tutorial is aimed at CentOS 64bit versions, we are using version 7 - this will work on other distros but you will have to alter the commands you use, for example instead of 'yum' on Debian you would use 'apt-get'.

The proxy we set up for this tutorial was created on a Digital Ocean droplet. Mod Edit - Aff link removed

Right, with that out of the way, fire up your VPS, log in via SSH and type the following:

Firstly update the VPS and install the prerequisites for installing Squid
Code:
yum update
# htpasswd, used below to create the password file, is shipped in httpd-tools
yum install squid httpd-tools -y
When everything has been updated and installed, we will need to clear out any old Squid configuration files, and set a blank file
Code:
rm -rf /etc/squid/squid.conf
touch /etc/squid/squid.conf
Now we will give Squid a basic configuration, allowing certain ports and ensuring that the password protection is set up. Where the config says port 3128, feel free to set that to anything you want, 3128 is just the default port used by Squid
Code:
# A quoted heredoc writes the text literally (no history or escape expansion)
cat >> /etc/squid/squid.conf <<'EOF'
http_port 3128
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 425       # smtp
acl Safe_ports port 21        # ftp
acl Safe_ports port 443       # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210       # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

# http_access rules are checked top to bottom and the first match wins,
# so only deny rules and source-restricted allows go above the auth rule.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_access
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
# Anything that did not authenticate above is refused
http_access deny all
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
EOF
All that file does is allow certain ports to be used through the proxy, it tells the proxy you should be authenticated before you can browse through it and ensures that the proxy does not forward your real IP address with any requests.

Right, the proxy is nearly set up but we have to set up some credentials for Squid to use to see if a user is allowed to browse via the proxy, so let's set up our first user. Just put any username and password you fancy in!
Code:
htpasswd -b -c /etc/squid/squid_access username password
If you want to add further users, you don't have to use the -c flag which will create the file if it wasn't there, so just use
Code:
htpasswd -b /etc/squid/squid_access username password
To make sure the proxy starts when your VPS starts, for example after you reboot, you need to switch the auto start on for it
Code:
chkconfig squid on
Now you only have to restart the proxy
Code:
service squid restart
You can now connect to your proxy using the IP of your VPS and the port you specified in the config file (if you didn't change it, the port is 3128)

If you want to add extra ports to it, for example the cPanel control panel (port 2083), all you have to do is edit the squid.conf file, add the port, save the config file and restart

To edit the config file
Code:
# open the config in an editor (vi is installed by default on CentOS)
vi /etc/squid/squid.conf
Scroll down until you see the line
Code:
acl CONNECT method CONNECT
and just ABOVE it, give the port number you want. In this example we are adding the cPanel port 2083
Code:
acl Safe_ports port 2083
Save the file and restart Squid
Code:
service squid restart
You now have an elite, password protected proxy.

If you have problems anywhere, feel free to contact Auto IM who will help where possible or use our proxy install service to let us do it all for you.

If you get errors, use the following command to check out Squid's report
Code:
systemctl status squid.service


** EDIT ** 19:05 BST - typo spotted in the config, now changed!
 
Last edited:
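Squid evaluates `http_access` rules top to bottom and stops at the first match, so an `allow` on a port ACL placed above the `proxy_auth` rule lets clients through without a password. The following is an added example, not part of the original post: a small audit that flags such rules and a missing final `deny all`. The function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Audit http_access order in a squid.conf (file argument or stdin).
# An allow rule counts as gated only if it names a proxy_auth or src ACL.
audit_squid_access() {
  awk '
    { sub(/#.*/, "") }                      # drop comments, fields are re-split
    $1 == "acl" { type[$2] = $3 }           # remember the type of each ACL
    $1 == "http_access" {
      last = $2 " " $3
      if ($2 != "allow") next
      gated = 0
      for (i = 3; i <= NF; i++)             # negated names (!acl) never gate
        if (type[$i] == "proxy_auth" || type[$i] == "src") gated = 1
      if (!gated) { print "OPEN line " NR ": " $0; bad++ }
    }
    END {
      if (last != "deny all") { print "MISSING final http_access deny all"; bad++ }
      exit (bad > 0)
    }' "$@"
}

# Constructed sample: a port allow sits above the password rule.
sample_open() { cat <<'EOF'
acl localhost src 127.0.0.1/32
acl Safe_ports port 80 443 1025-65535
acl ncsaauth proxy_auth REQUIRED
http_access deny !Safe_ports
http_access allow Safe_ports     # matches before any password check
http_access allow localhost
http_access allow ncsaauth
EOF
}

# Constructed sample: same ACLs, auth reached first, explicit final deny.
sample_fixed() { cat <<'EOF'
acl localhost src 127.0.0.1/32
acl Safe_ports port 80 443 1025-65535
acl ncsaauth proxy_auth REQUIRED
http_access deny !Safe_ports
http_access allow localhost
http_access allow ncsaauth
http_access deny all
EOF
}

sample_open  | audit_squid_access || echo "=> usable without a password"
sample_fixed | audit_squid_access && echo "=> authentication enforced"
```

On a real server, run `audit_squid_access /etc/squid/squid.conf` before restarting Squid.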

DataBots

Newbie
Joined
Sep 23, 2013
Messages
32
Reaction score
5
Why didn't this get more thanks??

I haven't tried it but it seems like useful information.
 

EpicApps

Junior Member
Joined
Dec 2, 2013
Messages
104
Reaction score
18
wow, nice post man. one question what If I wanted to make like 100 of these proxies?
 

lord1027

Elite Member
Joined
Sep 20, 2013
Messages
3,217
Reaction score
2,341
I love your posts, you should put them all on a website.
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Why didn't this get more thanks??

I haven't tried it but it seems like useful information.

It's the way of BHW :)

wow, nice post man. one question what If I wanted to make like 100 of these proxies?
That's a very good question. I would like to know also.

Easiest thing is to buy 100 different VPSes. There is a way of running more than one Squid process per IP on a VPS, so if you have a VPS with 10 IP addresses that could be 10 proxies but to be honest it's a pain in the ass to set up. I normally grab cheap VPSes and go for it :)

I love your posts, you should put them all on a website.

I have started now - http://autoim.net is going to be the new site which will mix posts like this, some vulnerability posts and a few of my bots :)

Thinking about it - AutoIM is like my brain dump :D
 

saadad

Junior Member
Joined
Feb 25, 2009
Messages
183
Reaction score
32
Website
www.dadaas.com
Thanks for this cool info. But this 1 proxy is then $5 per month. Does someone know the cheapest VPS solution? And what can you do with 1 private proxy? Create 1 account?
 

BigMoneyyy

Power Member
Joined
Feb 27, 2014
Messages
643
Reaction score
140
Thanks. Great tutorial. What countries IP do you recommend for spam?
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Thanks for this cool info. But this 1 proxy is then $5 per month. Does someone know the cheapest VPS solution? And what can you do with 1 private proxy? Create 1 account?

Depends where you look and what locations - I can probably set you up a proxy cheaper than $5 a month :)
What you can do with it - anything you want really.....

Thanks. Great tutorial. What countries IP do you recommend for spam?

I don't do spamming so I wouldn't know. Apart from that unless you sign up to a hosting provider that doesn't care about spamming you will be shut down quite quickly anyway. I know that for any proxies I set up I tend to block email sending to protect myself, my servers and my pocket!
 

burglar

Registered Member
Joined
Feb 22, 2009
Messages
62
Reaction score
29
Very nicely presented, FB. Thanks.

I was using my own proxy a while back but have since switched hosting providers and kind of let it go. Since I was using it to avoid prying eyes, I more-or-less let my guard down (got lazy).

Since I am running a VPS config just as you have tried, I will give this a shot.
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
If you are using CentOS 7 I have hit a couple of 'funnies' using it today. Switched to the Debian version and nothing but smooth going.......I am a Debian guy at heart, should have stayed with it :D
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Thanks for this cool info. But this 1 proxy is then $5 per month. Does someone know the cheapest VPS solution? And what can you do with 1 private proxy? Create 1 account?

Off the top of my head I can probably do 3 locations for the price of a $5 VPS.
Will have to take a look at some figures so keep an eye on the website or even for a BST here if I get my shit together!!
 

sanishan

Newbie
Joined
Mar 2, 2009
Messages
26
Reaction score
12
Well, I have tried other online proxy-creating methods multiple times and every time something goes wrong. Right now I am looking for a VPN solution, "Fatboy", if you could please let me know. I have a CentOS 6 and a Windows 2008 RS VPS.
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Search my name here - I did a how-to on making a VPN in seconds using Debian, could be altered for CentOS if you want to
 

fatboy

Elite Member
Joined
Aug 13, 2008
Messages
1,615
Reaction score
3,261
Just another update - a lot of people have contacted me on how to set up multiple squid instances if you have a VPS with multiple IP addresses. I have the info ready and will be writing up a basic How-To in the next day or so if I get time.

If I can I will also use the Debian script that I found (and posted) about to make it easy to set up multi-proxies.
 

bimbimpr

Junior Member
Premium Member
Joined
May 22, 2014
Messages
101
Reaction score
20
Can you describe the config to set up a dedicated server with 100 and more IPs? Thanks.
 