Today I cannot access my blog site from home because the [bad behavior] module, which blocks malicious requests, is blocking me. My home IP (dynamically determined) is listed in the CBL (Composite Blocking List) because someone who used this IP a week ago seems to have had lots of trojans and spam bots installed on his/her machine.
My solution is that I need another proxy, and the best one out there is my own. I installed squid on my server. However, I don't want to share this proxy with anyone else. So, this is what I have to do.
- set up a secure channel from my home to my server
- set up squid to accept only connections from my server (itself).
The first task can be done very easily with my good old tool, OpenVPN.
- Install openvpn on the server and the client.
- Set up the config file for the server, modifying the following values:

      port [put port number here]
      ca easy-rsa/keys/ca.crt
      cert easy-rsa/keys/server.crt
      key easy-rsa/keys/server.key
      dh easy-rsa/keys/dh1024.pem

- Run the following commands on the server (in directory /etc/openvpn/easy-rsa):

      . ./vars
      ./clean-all
      ./build-ca
      ./build-key-server server

  The final step builds the certificate and key for openvpn. It will request some information, for which the default values would do nicely. When the script asks for a passphrase, I simply leave it blank. I answer yes to the Yes/No questions. After that, I have to build a certificate for the client with

      ./build-key client1

  using the same information as for the server. Finally, build the Diffie-Hellman parameters:

      ./build-dh

- After that, I take the following files to my home PC:

      ca.crt
      client1.crt
      client1.key

- Set up the config file for the client (home PC), modifying the following values:

      remote [my.server.ip.address] [my port]
That’s all.
Now, the next step is to configure squid, setting up its ACLs (access control lists) as follows.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 10.8.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
These ACLs simply allow HTTP access only from the localhost (which includes the openvpn server at 10.8.0.1) and deny the rest.