“Reverse SOCKS proxy”? – Server Fault

I have spent about 8 hours today trying to get OpenSSH working on Windows Server 2016 Datacenter with no success. It’s been a constant battle troubleshooting permissions, debugging SSH, and millions of Google searches.

I have a separate server in Digital Ocean that I was going to use as a “middle server” to essentially connect my local VM and my Windows Server 2016 Datacenter system together via SSH.

From the Windows VM, the goal was this:

ssh root@my-vps -R 9999:localhost:22

And from my linux VM, the goal was to do this:

ssh root@my-vps -p 9999 -D 9050

And from within Firefox on my Linux VM, I was going to use localport 9050 as my SOCKS proxy. I have done this hundreds of times over the last few years, but I’m stumped when it comes to figuring this out on Windows.

Considering I can’t stand up an OpenSSH server on the Windows VM, what alternative options would I have? I can establish SSH connections from my Windows VM, but I cannot accept incoming connections due to a ton of OpenSSH issues on Windows Server 2016 Datacenter. On the Windows server, I can’t even ssh into localhost without millions of issues.

I haven’t done anything such as what I’m trying to accomplish, so I’m curious to see if it’s even possible.

Any suggestions on an alternative approach would be greatly appreciated.

proxy – Change path of cookie using Squid

I am using squid reverse proxy on Windows.

I already tried using it for http and https and it is working fine. However, this time, I want to try changing the path of cookie so that same JSESSIONID will be set on my 2 sites.

Is it possible to change the path of cookie from “/DefaultSite” to “/” using Squid?

This is my current squid.conf:

# Squid normally listens to port 3128
http_port 80 accel defaultsite=172.28.50.1 ignore-cc

#Site2 Settings
acl Site2 urlpath_regex ^/Site2/ ^/Site2$
http_access allow Site2
cache_peer 172.28.50.2 parent 8080 0 no-query originserver name=Site2
cache_peer_access Site2 allow Site2
cache_peer_access Site2 deny all

#DefaultSite Settings
acl MySite urlpath_regex ^/DefaultSite/ ^/DefaultSite$
http_access allow MySite
cache_peer 172.28.50.1 parent 8080 0 no-query originserver name=DefaultSite
cache_peer_access DefaultSite allow MySite
cache_peer_access DefaultSite deny all

Thank you in advance.

New more extensive reliability test for proxy — 👉 GSA SEO and Marketing Forum 👈

Hi @Sven, I am placing this discussion in the SER category but it could also be for Gsa Proxy Scraper.

I have been thinking about this for several days. Every time I test (public) proxies with Bing tests and use them in SER, 90% burn in a few minutes.

It is not that they get banned by the search engine, because I do not use them to scrape; the listings are imported.

I know our IP can be banned by proxies after a few uses but in my opinion it is not that, 90% is too much.

I think we should add another test, a test that tests the sending and receiving of data for each proxy.

For the download, downloading a photo for example would suffice, but for the upload? Something must be found.

I also appeal to all members who read this post. What could we use heavily enough to do an upload/download test?

A proxy whose upload and download have been tested beforehand would be much less inclined to burn under load.

Apache2 reverse proxy https http with digest authentication

Sorry if I posted a repeated question. Didn’t find my answer yet.

What I have is:

  • a webservice on LAN which is only accessible over HTTP and uses Digest Auth
  • another server in LAN which has Apache2 service, that I would like to use as HTTP/HTTPS proxy

I enabled listen to 8888 port and added this config:

<VirtualHost *:8888>
    ServerName local_domain
    ServerAdmin webmaster@localhost
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyPreserveHost On
    ProxyPass /cam http://local_ip
    ProxyPassReverse /cam http://local_ip
</VirtualHost>

Proxy works, but the authentication doesn’t go through. On visit, a login popup shows. If I enter wrong credentials, the response is OK: 401 Authorization Required. But if I enter correct credentials, I receive error 400 Bad Request.

What’s the issue? I guess something is either missing or incorrect in the HTTP header? Should somehow the cookie be forwarded?

Can you give me a hint? :]

thanks!
Mario

Active Directory Group Policy – Allow Outlook through proxy settings

I am trying to allow Outlook (MS Office Standard 2016) access through an Active Directory Group Policy proxy I have created.

I am allowing a specific set of websites to a specific set of workstations. I have made this work by:

a) removing Firefox, Chrome, and IE11 from the workstation, leaving only Edge, and

b) in Group Policy(User Config->Preferences->Windows Settings->Registry), I have configured registry keys to set up a dummy proxy server, and then override it to allow the specific websites through. It may not be pretty, but it is working.

When I have set up the above configuration, I find that Outlook is showing a “Disconnected” status with this Group Policy. What parameters in the ProxyOverride need to be configured to allow Outlook access through the proxy?

Windows Server 2016/Active Directory —
Windows 10 environment —
Outlook(MS Office Standard 2016)

Thanks for your input!

Clyde

how can install Proxy ( MTPROTO) server by unlimited resource and connections

Hello,

I installed the Telegram MTProto proxy server by several methods, on a KVM VPS by

8 GB RAM, dedicated
8 Core CPU,
unlimite… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1834920&goto=newpost

virtualhost – Hosting 2 static sites and Mattermost on a VPS. How to set up virtual host / rev. proxy to show MM on sub.mysite.com?

I’m using a personal VPS (Ubuntu 20, Apache2) to host a couple of static websites:
site1.com and site2.org.

These sites are working fine and available at the expected URLs. The config files are
site1.com.conf and site2.org.conf located in /etc/apache2/sites-available/.

I installed a Mattermost instance and it is currently available on port 8065:
site1.com:8065
or
site2.org:8065

How can I set up Apache to make Mattermost appear at mm.site2.org?

I’ve tried the approach here and here, summarized as follows:

I created a config file like this:

# /etc/apache2/sites-available/mm.site2.org.conf
<VirtualHost *:80>
    ServerName mm.site2.org

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


    ProxyRequests Off
    <Proxy http://localhost:8065/*>       
      Order deny,allow
      Allow from all
    </Proxy>
        
    ProxyPass / http://127.0.0.1:8065/
    ProxyPassReverse / http://127.0.0.1:8065/

    <Location />
      Order allow,deny
      Allow from all
    </Location>

</VirtualHost>

The relevant first few lines of my Mattermost config file look like this:

{
    "ServiceSettings": {
        "SiteURL": "https://mm.site2.org",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": ":8065",
( ... )

After setting up the above, I’ve run the requisite commands to restart the services like this:

sudo systemctl restart mattermost.service
sudo a2ensite mm.site2.org.conf
sudo systemctl reload apache2
sudo service apache2 restart

I’ve also tried a variant of the <Proxy ...> line in the Apache conf file, based on some different sources, using simply <Proxy *> as some sources suggest.

If it is relevant, my DNS settings consist simply of two A records (@ and www) for each site.

The output of apache2ctl -S is:

AH00526: Syntax error on line 36 of /etc/apache2/sites-enabled/site1.com-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/site1.com/fullchain.pem' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.

(not sure what to make of this; successfully ran certbot recently and the https access works fine on my sites).

No luck getting Mattermost to appear on the subdomain desired. Thanks in advance.

php – How to temporarily deny access to users using PROXY / VPN and, ip blacklist, give access by validating captcha code?

I do not seek to block users, nor do I block content, I would not care much if there was a false positive, because I am simply looking to integrate an additional step for those antecedents, adding a CAPTCHA to make life a bit difficult for spammers and malicious users.

So what I want to achieve is the following:

  • If the user uses PROXY show the captcha
  • If the user uses PROXY from the list of ports, show the captcha
  • If the user’s IP is on the black list, show the captcha

I have already created my captcha image and, I retrieve the value / words as follows:

$_SESSION['code_captcha'] = '';   // superglobals are indexed with [], not ()
$chars = array();
$imageWidth = 0;
$imageHeight = 0;

for ($i = 0; $i < $charsLength; $i++) {
  //rest of the code of the captcha image...
}

If the user is between those conditions, I am going to show him a template where the captcha image will be displayed and the form where the text must be entered in the input field to validate access to the page.

<input name="code_captcha" type="text">

The following code I have tested, I have used a VPN application and it has detected that I am using a PROXY:

if(!gethostbyaddr(getenv('REMOTE_ADDR'))
    || gethostbyaddr(getenv('REMOTE_ADDR')) == "."
    || !getenv('HTTP_ACCEPT_ENCODING')
    || getenv('HTTP_X_FORWARDED_FOR')
    || getenv('HTTP_X_FORWARDED')
    || getenv('HTTP_FORWARDED_FOR')
    || getenv('HTTP_VIA')
    || getenv('HTTP_FORWARDED')
    || getenv('HTTP_CLIENT_IP')
    || getenv('HTTP_FORWARDED_FOR_IP')
    || getenv('VIA')
    || getenv('X-PROXY-ID')
    || getenv('MT-PROXY-ID')
    || getenv('X-TINYPROXY')
    || getenv('PROXY-AGENT')
    || getenv('X_FORWARDED_FOR')
    || getenv('FORWARDED_FOR')
    || getenv('X_FORWARDED FORWARDED')
    || getenv('HTTP_X_CLUSTER_CLIENT_IP')
    || getenv('CLIENT-IP')
    || getenv('CLIENT_IP')
    || getenv('FORWARDED_FOR_IP')
    || getenv('HTTP_PROXY_CONNECTION')
    || getenv('PROXY_CONNECTION')
    || in_array(getenv('REMOTE_PORT'), array(8080,80,6588,8000,3128,553,554))
    || @fsockopen(getenv('REMOTE_ADDR'), 80, $NUM_ERROR, $CONNECTION_TIME, 0)
    || !getenv('HTTP_CONNECTION')){
    echo 'proxy';
} else {
    echo 'no proxy';
}

But in the event that it fails, I don’t know, if the most appropriate thing is to integrate a second check, adding the most common ports used by those VPN applications:

$PORT = $_SERVER['SERVER_PORT'];
$PROXY_PORT = array("80","81","553","554","1080","3128","4480","6588","8000","8080");
//var_export ($PROXY_PORT);

//array_key_exists / in_array / array_search
if ((in_array($PORT, $PROXY_PORT) !== FALSE) && ($PROXY_PORT)) {
    echo "Proxy";
} else {
    echo "No proxy";
}

Finally, on the web and, in some directories, I have found some blacklists of IP addresses, the same ones that I have saved in a .txt file, I don’t know if it is the most appropriate or to store them in a MYSQL database:

$FILE_PATH = 'blocked_ips.txt';
function IP_ADDRESS() {
    $IP_ADDRESS = '';
    if (getenv('HTTP_CLIENT_IP'))
        $IP_ADDRESS = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_CF_CONNECTING_IP'))
        $IP_ADDRESS = getenv('HTTP_CF_CONNECTING_IP');
    else if(getenv('HTTP_X_REAL_IP'))
        $IP_ADDRESS = getenv('HTTP_X_REAL_IP');
    else if(getenv('HTTP_X_CLUSTER_CLIENT_IP'))
        $IP_ADDRESS = getenv('HTTP_X_CLUSTER_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $IP_ADDRESS = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $IP_ADDRESS = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $IP_ADDRESS = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $IP_ADDRESS = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $IP_ADDRESS = getenv('REMOTE_ADDR');
    else
        $IP_ADDRESS = 'UNKNOWN';
    return $IP_ADDRESS;
}

$BLACK_LIST = file($FILE_PATH);

foreach (array_values($BLACK_LIST) AS $IP_BLOCKED){
    if (trim($IP_BLOCKED) == IP_ADDRESS()){
        //hide the web application, instead of the web page, show a template where the captcha image
        //is located that the user must validate to access the page.
        //Once this test is passed, the user will be able to access the web application.
        include 'template_captcha.php';
        exit;
    }
} 
echo 'Authorized!';
//access the web application

My captcha template: https://i.imgur.com/9ca3aVG.png

Now my question is this:

  • How can I combine all my code, for verification, since the visiting user if he uses PROXY / VPN and, if he is in the black list, he will have to fill the CAPTCHA code?

But the user must be verified only once, because if the user passes the test, the validation of the Captcha code must be saved in a SESSION, to avoid that the Captcha code is shown again or appears when visiting another URL or when reloading the page, only in the event that the user closes the browser will they have to re-enter the CAPTCHA code.
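One way to combine the checks described in this question into a single gate that is passed once per session, as an added example that is not the poster's code. The function names and the `captcha_passed` session key are hypothetical, and the sample addresses are constructed. The blocklist lookup uses only `REMOTE_ADDR`, because the forwarding headers are sent by the client and can be set to any value; the port checks are left out, because `SERVER_PORT` is the site's own listening port and `REMOTE_PORT` is the client's ephemeral source port, so neither identifies a proxy.

```php
<?php
// Added example: hypothetical helper names; sample values below are constructed.

// Headers a forwarding proxy commonly adds. They are client-controlled, so they
// serve only as a hint to show the CAPTCHA, never as the client's IP address.
const PROXY_HINT_HEADERS = ['HTTP_VIA', 'HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED',
                            'HTTP_CLIENT_IP', 'HTTP_PROXY_CONNECTION'];

function looks_proxied(array $server): bool {
    foreach (PROXY_HINT_HEADERS as $h) {
        if (!empty($server[$h])) return true;
    }
    return false;
}

function is_blocklisted(string $ip, array $blocklist): bool {
    // Strict comparison against the socket peer address (REMOTE_ADDR) only.
    return in_array($ip, array_map('trim', $blocklist), true);
}

// Returns true when the request must be answered with the CAPTCHA template.
function needs_captcha(array $server, array $session, array $blocklist): bool {
    if (!empty($session['captcha_passed'])) return false;  // verified once per session
    $ip = $server['REMOTE_ADDR'] ?? '';
    return $ip === '' || looks_proxied($server) || is_blocklisted($ip, $blocklist);
}

// Validates the submitted code; on success marks the session and burns the code.
function verify_captcha(array &$session, string $submitted): bool {
    $expected = $session['code_captcha'] ?? '';
    if ($expected === '' || !hash_equals($expected, $submitted)) return false;
    $session['captcha_passed'] = true;
    $session['code_captcha'] = '';   // one-time use, cannot be replayed
    return true;
}

// Constructed sample data (documentation address ranges), runnable from the CLI.
$blocklist = ["203.0.113.7\n", "198.51.100.23\n"];   // same shape as file('blocked_ips.txt')
$session   = ['code_captcha' => 'x7Kp2'];
$direct    = ['REMOTE_ADDR' => '192.0.2.10'];
$proxied   = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_VIA' => '1.1 cache'];
$listed    = ['REMOTE_ADDR' => '203.0.113.7'];

var_dump(needs_captcha($direct, $session, $blocklist));
var_dump(needs_captcha($proxied, $session, $blocklist));
var_dump(needs_captcha($listed, $session, $blocklist));
var_dump(verify_captcha($session, 'wrong'));
var_dump(verify_captcha($session, 'x7Kp2'));
var_dump(needs_captcha($listed, $session, $blocklist));
```

In a page, call `session_start()` first and pass `$_SERVER` and `$_SESSION` in place of the sample arrays; with a session cookie that has no expiry, the `captcha_passed` flag lasts until the browser is closed.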

proxy – How to prevent someone from proxying your Websites

So someone is mirroring my site with a proxy and hides behind Cloudflare (Cloudflare already notified, and Google also), so I can’t find out the real IP of the server to block it.

Is there any way to detect if your website is opening in another domain and block it or redirect it?

Maybe some JavaScript hostname lookup and then redirect? Or is there a better solution?

I’m using CyberPanel with OpenLiteSpeed, ConfigServer Firewall, ModSecurity and, as CMS, WordPress latest version.

How can I turn my VPS into private proxy

Recently, I read a method which can turn your VPS into private proxy with username, password and port. But, when I tried to install the scri… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1833956&goto=newpost