An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user’s behalf, protecting personal information by hiding the client computer’s identifying information.
In this article we will discuss about how to use squid proxy as anonymous proxy. In this article I use:
- FreeBSD 8.3
- Squid Proxy
Make sure Squid proxy is installed on your machine. You can either do fresh installing Squid Proxy, or using established / running Squid Proxy. Both are usable.
How it Works
Every machine connected to the internet has a unique Internet Protocol address (or IP address). Of course our machine too. The IP might be statically allocated or can dynamically change each time we go surfing. On both cases, we are tagged with IP address. Well, it is necessary for the intercommunicate within a network. Literally, it can be called our identity or address on internet world.
IP addresses do not contain any personally identifiable information about the assigned machine. Neither the user. However, if we are signed up with an Internet Service Provider (ISP) then our ISP can easily link our IP address with our name, home address, phone number, e-mail address and even credit card information. Well, ISPs have strict privacy policies so it won’t give out your personal information to random people. Neither they will give your information for police, unless you have done something.
A proxy can act as a bridge, connecting client to internet. It facilitates us, either for browsing or in operating system level, on internet. Thus when you get touch with a server or other client in internet, they won’t get your IP address and get proxy information instead. In Anonymous Proxy, it will completely hide our identity.
Edit /usr/local/etc/squid/squid.conf (default FreeBSD installation using ports) or /usr/local/squid/etc/squid.conf (Generic path for source installation. This might be vary according to your installation). On rest of this article we will use squid.conf, unless told otherwise.
Disable Forwarded Client IP
In default configuration, Squid will forwards the client IP address to the respective website. This, of course, is unsuitable and must be disabled if we want to build an anonymous proxy server. Hiding IP address method will force Squid to send only IPs which are configured on the server. Now alter / modify to be this line (or create it if it doesn’t exists):
Next we will generate rules for outgoing IPs. If anyone connects to any IP addresses listed here, it will go with the same IP to the destination server. In this way, we can connect several clients on different IPs and all IPs act as an anonymous proxies.
acl ip1 myip 192.168.0.1 tcp_outgoing_address 192.168.0.1 ip1 acl ip2 myip 192.168.0.2 tcp_outgoing_address 192.168.0.2 ip2 acl ip3 myip 192.168.0.3 tcp_outgoing_address 192.168.0.3 ip3 acl ip4 myip 192.168.0.4 tcp_outgoing_address 192.168.0.4 ip4 acl ip5 myip 192.168.0.5 tcp_outgoing_address 192.168.0.5 ip5
There is no limit for this list. We can add as many IP address as we like, but at least use the same pattern as above.
Now, this is the core part of our article. Add this at the bottom of squid.conf:
request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all
Configuration is finished. You can restart / reconfigure Squid. If you see an error message such as visibile_hostname error after starting the service, then edit squid.conf and add visibile_hostname tag with your machine’s hostname. For example:
Testing the Proxy
Our server is ready now. Use any web browser you like and point your Proxy to machine we have built. Make sure to write correct IP and correct port used by Squid on browser’s proxy configuration. If you activated account system on Squid, you will be asked for username and password before you can browsed. Now check the anonymity by open http://www.whatsmyipaddress.com/.
Beware. If something wrong in request_header_access, our proxy can be detected. But this is fine. It will just show the IP and assume it’s a direct connection without a proxy.proxy, squid