Building Anonymous Proxy with Squid

Home / Building Anonymous Proxy with Squid

Building Anonymous Proxy with Squid

December 9, 2015 | Article | 2 Comments

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user’s behalf, protecting personal information by hiding the client computer’s identifying information.

In this article we will discuss about how to use squid proxy as anonymous proxy. In this article I use:

  1. FreeBSD 8.3
  2. Squid Proxy

Although I use FreeBSD, the method covered in this article will be written as generic as possible which should be applicable for either FreeBSD, Linux, or other Operating System.

Make sure Squid proxy is installed on your machine. You can either do fresh installing Squid Proxy, or using established / running Squid Proxy. Both are usable.

How it Works

Every machine connected to the internet has a unique Internet Protocol address (or IP address). Of course our machine too. The IP might be statically allocated or can dynamically change each time we go surfing. On both cases, we are tagged with IP address. Well, it is necessary for the intercommunicate within a network. Literally, it can be called our identity or address on internet world.

IP addresses do not contain any personally identifiable information about the assigned machine. Neither the user. However, if we are signed up with an Internet Service Provider (ISP) then our ISP can easily link our IP address with our name, home address, phone number, e-mail address and even credit card information. Well, ISPs have strict privacy policies so it won’t give out your personal information to random people. Neither they will give your information for police, unless you have done something.

A proxy can act as a bridge, connecting client to internet. It facilitates us, either for browsing or in operating system level, on internet. Thus when you get touch with a server or other client in internet, they won’t get your IP address and get proxy information instead. In Anonymous Proxy, it will completely hide our identity.

anonymous-proxy-server
A Proxy in Action

Configuration

Edit /usr/local/etc/squid/squid.conf (default FreeBSD installation using ports) or /usr/local/squid/etc/squid.conf (Generic path for source installation. This might be vary according to your installation). On rest of this article we will use squid.conf, unless told otherwise.

Disable Forwarded Client IP

In default configuration, Squid will forwards the client IP address to the respective website. This, of course, is unsuitable and must be disabled if we want to build an anonymous proxy server. Hiding IP address method will force Squid to send only IPs which are configured on the server. Now alter / modify to be this line (or create it if it doesn’t exists):

forwarded_for off

Configuring IPs

Next we will generate rules for outgoing IPs. If anyone connects to any IP addresses listed here, it will go with the same IP to the destination server. In this way, we can connect several clients on different IPs and all IPs act as an anonymous proxies.

acl ip1 myip 192.168.0.1
tcp_outgoing_address 192.168.0.1 ip1
acl ip2 myip 192.168.0.2
tcp_outgoing_address 192.168.0.2 ip2
acl ip3 myip 192.168.0.3
tcp_outgoing_address 192.168.0.3 ip3
acl ip4 myip 192.168.0.4
tcp_outgoing_address 192.168.0.4 ip4
acl ip5 myip 192.168.0.5
tcp_outgoing_address 192.168.0.5 ip5

There is no limit for this list. We can add as many IP address as we like, but at least use the same pattern as above.

Enable Anonymizer

Now, this is the core part of our article. Add this at the bottom of squid.conf:

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

Configuration is finished. You can restart / reconfigure Squid. If you see an error message such as visibile_hostname error after starting the service, then edit squid.conf and add visibile_hostname tag with your machine’s hostname. For example:

visible_hostname veda.celestial-being.net

Testing the Proxy

Our server is ready now. Use any web browser you like and point your Proxy to machine we have built. Make sure to write correct IP and correct port used by Squid on browser’s proxy configuration. If you activated account system on Squid, you will be asked for username and password before you can browsed. Now check the anonymity by open http://www.whatsmyipaddress.com/.

Beware. If something wrong in request_header_access, our proxy can be detected. But this is fine. It will just show the IP and assume it’s a direct connection without a proxy.

,

About Author

about author

xathrya

A man who is obsessed to low level technology.

2 Comments
  1. Building Small Proxy using Micro Proxy - Xathrya.ID

    […] other occasion, we have discussed about how to use Squid and building an Anonymous Server. In this article, we would build a similar thing but in smaller size. We would build a small proxy […]

  2. irfan

    Om kalau misalnya squid terus random IPnya dari vpn bisa nggak ya ?misalnya beli nordnvpn kan dapat banyak file vpn, bagaimana untuk menggabungkannya dengan squid ?

    terima kasih

Leave a Reply

Your email address will not be published. Required fields are marked *

Social media & sharing icons powered by UltimatelySocial