Your Internet connection, that is...
Whatever the nature of your business, whether you have a three-person team or 30,000, if you’ve got computers in your office, you’re going to need a proxy server. Now larger businesses need something that can handle much more traffic, and we’ve earlier recommended Squid on a Linux server for them. However, smaller businesses (between 2 and 30 computers) might not have the free hardware or expertise to install and maintain Squid.
Most often, SoHo businesses need something Windows-based—a tool that’s easily installed and just as easy to maintain. This is because most SoHo businesses cannot spare a computer, so the proxy server machine is quite simply just another computer on the network that the person with the Internet connection uses. Now Windows can also share a connection over the network, but it does nothing else. The Windows Internet Connection Sharing Wizard will do nothing more than give all network computers access to your Net pipe, which will result in slow surfing speeds for everyone.
Proxy server software does not just share Net connections; it also caches files to save bandwidth, acts as a firewall, puts restrictions on content, and much more. So how does one go about choosing a good proxy server? The first step is to look for the following features:
- The ability to run as a service: You don’t want everyone in your office getting disconnected from the Net just because someone accidentally closed the proxy server window.
- Caching: A proxy server that doesn’t cache is just useless; caching helps save bandwidth and speed up the browsing experience.
- User lists: In order to make sure that no unauthorised people are using your Internet connection, you need to be able to give access to only specified users, with authentication.
- Logging: You need to keep an eye on what people in your company are using the Net for; to make sure they aren’t misusing privileges.
- Bandwidth controls and monitors: These will help ensure that people don’t overuse bandwidth, and that will keep your bills in check. Some software will also let you set maximum speeds per client, or cut-off points to stop Net access when a user reaches a prescribed bandwidth limit.
Of course, software that offers all of the above or more will cost a bundle, or will it?
ProxyPlus (Proxy+)
Proxy+ is proxy software that has both free and paid versions. The free version allows for three users (two concurrent) to use the proxy. The two-concurrent-user restriction means only two people can be using the proxy at the same time. The licensing price for five users is $99 (about Rs 3,950), for 10 users is $199 (Rs 7,900), and for unlimited users is $299 (Rs 11,950). You can get the latest version from www.proxyplus.net.
Installation is as simple as can be. Just download the software and double-click it. The last step in the setup process is important, and you should tick the “Install as a Windows service” option to run the proxy in the background as a service.
Proxy+ can be configured by using a browser and navigating to https://localhost:4400 from the same computer or https://<Your_IP>:4400 from another computer on the LAN.
Once you get to the Proxy Admin page, you can start setting up your proxy server. Everything is explained, and help is available in detail from Start > Programs > Proxy > Guide, or online at www.proxyplus.net/doc/en/proxyguide.htm.
To let your networked computers use Proxy+, you need to change the settings in their Web browsers. In Internet Explorer, you’ll need to go to Tools > Internet Options > Connections. Here, if you have an account name in “Dial-Up settings”, select Never dial a connection. Then press LAN Settings... Uncheck Automatically detect settings and Use automatic configuration script. Select Use a proxy server and fill in the IP address of the PC running Proxy+ in the Address field, and set the Port to 4480. Instructions for other browsers are at the page mentioned.
Important Config Settings
Almost everything you see when configuring is self-explanatory, but we will list significant settings here to ensure you set up your proxy right:
At the Proxy Admin page, click on Accounts at the left and then on Users. Type in the name of at least one user, say Admin, add a password, and click Add. This will make sure that you have at least one user for the next step. You can come back later and add all the users you wish.
Change Admin Access
By default, Proxy+ configurations can be changed by anyone who navigates to https://<Your_IP>:4400 from any computer on your LAN. This is open to exploit, so you should change this ASAP. After making a user and setting a password, click on Administrator and then General at the left. Check the WWW Admin requires authentication box, select the user from the dropdown, and click Save. This will force anyone who browses to https://<Your_IP>:4400 to enter a username and password to go any further.
Proxy+ requires a restart after all major settings changes. This is because the software reads settings when it starts up—so don’t be alarmed when you make changes and don’t see the results immediately. In order to restart Proxy+, just go to Administrator > Restart, and click Restart. In a few seconds the page will be refreshed and your new settings will take effect.
By default, Admin access is at port 4400; browsers need to set port 4480 to use the proxy, and if you set more proxies such as FTP gateways, the port is 4421, etc. All this can be changed, and you can choose custom ports, say 1337 (geek for “elite”) for admin and normal proxy ports, such as 8080, or others like 12345, etc., for the services. Just go to Proxies > General, and you will see all the settings listed on the right. Change these values to what you desire, and remember to click Save and also restart Proxy+ for the changes to take effect.
If you are on dialup, or even broadband dialup (PPPoE), you don’t want to leave it connected all the time. Using Proxy+, you can choose to only dial a connection when someone on the network tries to access a site or use a protocol. You can even choose which protocols activate dialling. Just go to Dialing > General and select your connection—Proxy+ will identify and list all available connections you have here automatically—and click Save. To choose the protocols that activate auto-dialling, go to Dialing > Auto Dial, check the boxes for the protocols that can initiate an Internet connection, and click Save. We recommend you set this to only HTTP and FTP.
Setting Mail Accounts
This is a very useful feature in Proxy+, and it enables you to set the proxy server to download mail from POP3-enabled accounts. This results in a much faster experience for users, because when they download their e-mail into their mail clients, they’re actually downloading it from the proxy server instead of from the Internet. The same applies to sending e-mails.
In order to set Proxy+ to handle mail, go to Mail > General and set the outgoing SMTP server first. Choose Internet Mail Server if your server is an online one. Usually, just choosing your ISP’s SMTP server is recommended. Next go to Mail > POP3 General and check the POP3 Downloader enabled box. Now you can go to Mail > POP3 Download and add the Internet mail account for any of the local users you have. Add in the e-mail account, username, password, and select whether you want messages to be left on the server or downloaded. Click Save.
After you’re done adding all the accounts, you can restart Proxy+ to make the changes active. To configure your mail client, just set the POP and SMTP servers to the IP address of the computer that Proxy+ is running on. You also need to use the authentication (username and password) that is stored in Proxy+ for your username. So, if Proxy+ is installed on a machine with the IP 192.168.0.1, your name is Prakash Sharma, your e-mail address is p.sharma@yourdomain.com, your Proxy+ username is psharma and password is pwd, your mail client settings would be:
Account Name: Prakash Sharma (or anything you want)
E-mail Address: p.sharma@yourdomain.com
Incoming Server: 192.168.0.1
Outgoing Server: 192.168.0.1 (providing you have set your SMTP server in Proxy+, otherwise just use your regular SMTP server)
Username: psharma (the Proxy+ username)
Password: pwd (Proxy+ password, not your e-mail account password)
If you decide that not everyone requires access to the proxy server, you can deny access based on IP addresses—for example, you might not want anyone in the accounts department to get Net access, to prevent exposure to viruses. Using the Access List, you can also set Allow and Deny based on the time of day—so, for example, you can allow Net access only during working hours (say, between 9 AM and 7 PM), or even deny access to everyone during lunch hours (known as goofing off time). You can also set rules on a per-IP basis.
Available from www.handcraftedsoftware.org, FreeProxy is, well, free! Made for the Windows platform, it offers all the important features that you want: content filtering (keyword/URL, etc.), time-based access, user-based access control, auto-dialling, access report generation, caching (v3.80 onwards), a Web server, ability to run as a service, etc. It offers almost all the same functionality as Proxy+, and at an unbeatable price—Rs 0. It’s ideal for smaller companies though—10 users or less—according to prominent software reviewers, and seems to perform less efficiently as the number of users increases. Still, the software is being actively and passionately developed, and FreeProxy is by far the most popular Windows-based proxy server. If you have 15 or fewer PCs in your company, look no further than FreeProxy.
If you have a PC to spare, and are familiar with Linux, you should definitely look at Squid. This open source proxy server is the de facto choice of larger businesses. With all the features you can imagine, stability that’s unbeatable and the capability of handling thousands of concurrent connections without overloading the CPU, nothing beats Squid in terms of scalability.
The only drawback for the average Indian SoHo office is the need for a machine running Linux—however, with Linux gaining popularity amongst PC enthusiasts and Digit readers, we expect Squid to gain a few popularity points over the years. You can download it, or read more about it at the Squid Web site: www.squid-cache.org.
First, you need to go to Access List > General and tick the “Enable Access List” checkbox. Click Save and then move on to Access List > Objects. You need to read carefully if you want to be able to allow or deny access to computers or set time restrictions. Although what follows may look like scripting, it’s not. It’s just a logical way of telling the proxy what to do.
First we’ll look at Objects. Here you will see a dropdown box called New object type. If you want the proxy to deny the IP 192.168.0.99 access, you need to first define that IP. This is exactly what you will do at Objects.
The three types of objects that are most commonly used are ClientHostName, ClientIP and Time. If the IP 192.168.0.99 belongs to a computer called Prakash, this is the ClientHostName. Now to define this, you will add an identifier under New object name. For the computer Prakash, you might want to set the object name to, say, PC99, or anything descriptive that will help you identify the object. Under Parameter, you need to add Prakash and select ClientHostName from the New object type drop-down. When you click Add, you will see that it is saved in the format PC99 = ClientHostName; Prakash.
Let’s say you now want to add an IP—say, 192.168.0.125—as an Object. You need to select ClientIP from the New object type drop-down, enter 192.168.0.125 as the parameter, and anything descriptive that you will remember as the New object name—IP125, for example. This will add the line IP125 = ClientIP; 192.168.0.125.
You can define time similarly—for example, choosing the time between 11:00 AM and 1:00 PM, and calling it Lunch would give you the following line in the Defined Objects list: Lunch = Time; 11:00-13:00.
Once you have defined Objects, you can choose what the Access List does to them. There are four commands the List understands: Allow, Deny, Pass and Rewrite. The first two are self-explanatory. Pass is a rule that allows a connecting IP or user to “pass” a username and password prompt without seeing the login screen. For example, if people connect to www.yourdomain.com/secret, which has a username and password requirement to keep people who don’t work in the company out, you can safely do away with the login requirement from PCs within your company.
Rewrite allows you to change the HTTP request that the user’s IP requested. Say your company domain name is www.something.net, but people are just too lazy—typing in something and pressing [Ctrl] + [Enter], and ending up at www.something.com. This is an unnecessary waste of bandwidth and time, and you can set the proxy server to automatically rewrite the HTTP request to forward to www.something.net when it is asked for www.something.com. This will also work when the URL asked for is https://www.something.com/a/b/something_else/something.php?module=blah, changing something.com to something.net in any URL.
The first two Rules are all we’ll ever use most of the time though, so let’s look at how you can use these rules to Allow or Deny access. If you want to deny access to the IP 192.168.0.99, you will first have created the object IP99 = ClientIP; 192.168.0.99. Then, under Access List > Rules, you can add the rule deny IP99. The “!” character can be used as a NOT argument, so you can also set the previous rule (deny IP99) by typing allow !IP99, which tells the proxy server to allow all IPs except for IP99. We’d recommend you not use this too often, unless necessary, because you might get conflicting rules. As an example of a more complicated rule, let’s say you want to deny three employees (IPs 192.168.0.80, 192.168.0.81 and 192.168.0.101) access during Lunch hours (between 11:59 AM and 1:00 PM): First create the objects...
IP80 = ClientIP; 192.168.0.80
IP81 = ClientIP; 192.168.0.81
IP101 = ClientIP; 192.168.0.101
Lunch = Time; 11:59-13:00
...then add the following line to the Access List Rules box:
deny IP80 IP81 IP101 Lunch
These examples should help you set up any rules that you need to. If you get confused, remember to look at the help file.
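The objects and rules above can be dry-run offline before they go into the Rules box. The sketch below is an added example, not Proxy+ code: it models only Allow and Deny, and it assumes first-match-wins ordering, OR between objects of the same type, AND across types, and a configurable fall-through action, none of which the article specifies.

```python
import ipaddress
from datetime import time

def parse_objects(text):
    """Parse 'Name = Type; parameter' lines as shown in the Defined Objects list."""
    objects = {}
    for line in text.strip().splitlines():
        name, rest = line.split("=", 1)
        kind, param = rest.split(";", 1)
        objects[name.strip()] = (kind.strip(), param.strip())
    return objects

def object_matches(kind, param, ip, host, now):
    if kind == "ClientIP":
        return ipaddress.ip_address(ip) == ipaddress.ip_address(param)
    if kind == "ClientHostName":
        return host.lower() == param.lower()
    if kind == "Time":
        start, end = (time.fromisoformat(t.strip()) for t in param.split("-"))
        return start <= now < end
    raise ValueError(f"object type not modelled: {kind}")

def decide(rules, objects, ip, hhmm, host="", default="allow"):
    """Return 'allow' or 'deny' for one request; the first matching rule wins (assumed)."""
    now = time.fromisoformat(hhmm)
    for rule in rules:
        action, *terms = rule.split()
        if action.lower() not in ("allow", "deny"):
            raise ValueError(f"only allow/deny are modelled, got: {action}")
        groups = {}  # object type -> did any object of that type match?
        for term in terms:
            obj = objects[term.lstrip("!")]  # KeyError: rule names an undefined object
            hit = object_matches(*obj, ip, host, now) != term.startswith("!")
            groups[obj[0]] = groups.get(obj[0], False) or hit
        if groups and all(groups.values()):  # assumed: OR within a type, AND across types
            return action.lower()
    return default  # assumed fall-through; the article does not state the real default

OBJECTS = parse_objects("""
IP80 = ClientIP; 192.168.0.80
IP81 = ClientIP; 192.168.0.81
IP101 = ClientIP; 192.168.0.101
IP99 = ClientIP; 192.168.0.99
Lunch = Time; 11:59-13:00
""")
LUNCH_RULES = ["deny IP80 IP81 IP101 Lunch"]  # the rule from the lunch-hour example

if __name__ == "__main__":
    print(decide(LUNCH_RULES, OBJECTS, "192.168.0.80", "12:30"))  # constructed request
```

In this model, allow !IP99 on its own blocks 192.168.0.99 only when the fall-through action is deny, so confirm what your proxy does with unmatched requests before relying on a negated allow rule.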
The most important plugins available for Proxy+ are those that allow it to work with various anti-virus software to scan e-mails. You can access these by clicking on the Back to Status link, and then clicking on Plugins. Check the Use Plugins box, then click on Plugin Settings. You can see which plugins are available by clicking Registered Plugins. Here you’ll find Avast4, AVG6, MP3 Saver, NOD32, and more. You can also add more.
Once you’re done with all this, your proxy should be ready to use. There are many more settings we’ve omitted for lack of space, so you should definitely take the time to read the help files thoroughly to learn how to use it better. Make sure you try the free version of Proxy+ before you decide to buy it. Regardless of whether you choose to use this software or one of the others mentioned in the box Alternatives, the basics of using a proxy server remain unchanged, so all the above should apply to them as well—only terms and nomenclature of features will differ. Now go save bandwidth and time and install a proxy server for your company!