LinuxQuestions.org
Old 02-09-2012, 05:44 PM   #1
mohtasham1983
Encrypted HTTP Proxy Server


Hi,

I have set up a Squid HTTP proxy on my home computer so that my dad can surf the web through it. However, his ISP can see all the exchanged data between his computer and the Squid server, since there's no encryption.

He used to surf the web through SSH Tunnel, but his ISP is now blocking SSH packets. We tried OpenVPN as well, but they block OpenVPN as well.

At the moment, the only solution I can think about is using an HTTP proxy server similar to Squid, but with encryption support, so that the ISP won't be able to see any data. This method requires a client application installed on his side as well.

Any idea if there are any such tools around? If they require coding, I can code in Java and Python.
 
Old 02-09-2012, 06:26 PM   #2
acid_kewpie
You've not said where your dad is compared to this server, but presuming it's remote and it's the connection between his browser and your Squid that you want to secure, I'm sure you can just enable it on Squid with the https_proxy value, giving it a cert and key to use. Then you just tell the browser to use https://myproxy.com as opposed to http://myproxy.com.

If I'm wrong, then a slight mod to your desired solution can be to use stunnel to make a real simple SSL tunnel with a copy at each end and then just point the browser to the local encryption port, which is then configured to point it at Squid at the other end. Just looking it up now, and it oddly doesn't support SOCKS proxying (which is another reason SSH is awesome), so you would still need to throw the traffic at a proxy to get back out into the world.
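
The two-ended stunnel arrangement described in post #2, written out as an added example that is not part of the original thread. The host name `proxy.example.org`, port 443, the file paths and Squid listening on 127.0.0.1:3128 are assumptions; `verifyPeer` needs stunnel 5.x.

```ini
; ===== File 1: stunnel.conf on the remote client machine =====
; Run this copy in client mode: it accepts plain TCP locally and
; wraps it in TLS towards the server.
client = yes

[squid-tunnel]
; The browser's HTTP proxy setting points here (loopback only).
accept = 127.0.0.1:3128
; Placeholder host name and an assumed port for the server-side stunnel.
connect = proxy.example.org:443
; Pin the server's own certificate (copied to the client out of band).
; If a middlebox substitutes its own certificate during the handshake,
; verification fails and the tunnel is refused instead of being
; silently intercepted.
CAfile = /etc/stunnel/proxy-cert.pem
verifyPeer = yes

; ===== File 2: stunnel.conf on the home server running Squid =====
; Server mode is the default, so no "client" line here.

[squid-tunnel]
; TLS listener reachable from the outside (assumed port).
accept = 443
; Hand the decrypted stream to Squid; Squid should listen on
; loopback only so the unencrypted proxy port is not exposed.
connect = 127.0.0.1:3128
; Certificate and private key for this endpoint (assumed paths).
cert = /etc/stunnel/proxy-cert.pem
key = /etc/stunnel/proxy-key.pem
```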
 
Old 02-09-2012, 07:04 PM   #3
mohtasham1983
Yes, my dad is on a remote machine and I want to encrypt the connection between his machine and my Squid server. I'm not too sure if the HTTPS solution would work permanently for him, since his ISP has started blocking HTTPS since last night and most likely will continue doing it for a few more weeks.

If HTTPS doesn't work for him, I will try the stunnel solution. But I'm afraid his ISP can detect stunnel as well.

I don't really need to encrypt data to make the connection super secure. I just need a connection that his ISP cannot determine if it's passing secure data. SSH tunnel is pretty secure, but it can be easily detected by ISPs since it's in the application layer.
 
Old 02-10-2012, 03:22 AM   #4
acid_kewpie
They shouldn't be able to; it should look *EXACTLY* the same as normal HTTPS traffic, as when an end-to-end HTTPS session is created there is no actual HTTP data ever visible. The only thing the ISP would see is the IP and port, not the website name etc. The only exception to this that I'm aware of is if the ISP is actually intercepting the SSL handshakes itself, which is how my current employer works, so even my banking sessions are visible to the transparent proxies at my workplace... but this is VERY rare, and especially on a normal ISP it would just be unheard of in any modern country.
 
Old 02-13-2012, 01:51 AM   #5
AhAdComesIn
httptunnel

Quote:
Originally posted by mohtasham1983
Yes, my dad is on a remote machine and I want to encrypt the connection between his machine and my Squid server. I'm not too sure if the HTTPS solution would work permanently for him, since his ISP has started blocking HTTPS since last night and most likely will continue doing it for a few more weeks.

If HTTPS doesn't work for him, I will try the stunnel solution. But I'm afraid his ISP can detect stunnel as well.

I don't really need to encrypt data to make the connection super secure. I just need a connection that his ISP cannot determine if it's passing secure data. SSH tunnel is pretty secure, but it can be easily detected by ISPs since it's in the application layer.

Let me guess: your dad should be living in Iran as I am, isn't he?
You can set up an HTTP encrypted tunnel on your Linux box and allow the Windows box to connect through it; while it is encrypted, the Windows box can browse anything (even HTTPS).

www.nocrew.org/software/httptunnel.html

This will help configure your Linux and Windows boxes (server & client).
 
  

