Bompa
« on: November 22, 2011, 02:11:45 AM »
I have need to implement Apache's mod_proxy on my dedi.
From what I see in the docs:
ProxyRequests On
<Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from my-ip-here
</Proxy>
It does seem to work, but when I check it with whatismyip.com, I see the main IP of my dedi, but I want one of my other IPs. So, where the * is, I put the IP that I want to use as the proxy, but my main IP is still being used.
What am I missing?
Port to listen?
Anyone know?
Bompa
"Everything that can be counted does not necessarily count; everything that counts cannot necessarily be counted." -- Albert Einstein
perkiset
« Reply #1 on: November 22, 2011, 08:19:30 AM »
Bomps - are you using this to essentially come inward, towards another one of your servers like a reverse proxy, or are you surfing the net via this machine like a f'reals outbound proxy?
It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Bompa
« Reply #2 on: November 22, 2011, 03:33:51 PM »
The latter. I put the IP into my browser settings and surf anonymously.
The apache docs call this a forward proxy.
« Last Edit: November 22, 2011, 03:35:43 PM by Bompa »
perkiset
« Reply #3 on: November 22, 2011, 03:39:46 PM »
Ah.
The problem is that you'll only have one default gateway for your local network stack ... not the upstream gateway, but the first address on your machine. In other words, although requests may come in on any number of addresses your machine has on it, it will send requests on its primary one. There's a way of doing it, but unfortunately the guy I would go to passed away a little bit ago, so I am without resource there. I tried to get Apache to simply send responses on the IP that they came in on, mimicking many machines, rather than one with lots of addresses. Fought with it for a long time and finally conceded.
Even if you change the * to your "listening" address, requests will be sent out the root address of the machine.
Bompa
« Reply #4 on: November 22, 2011, 11:45:54 PM »
Thanks for taking the time perk.
You're probably right about mod_proxy. The odd thing is I can bind my perl code to any IP on my machine with this one line:
@LWP::Protocol::http::EXTRA_SOCK_OPTS = (LocalAddr => 'xxx.xxx.xxx.xxx');
So, if perl can do it...
Anyways, the reason I wanted to use mod_proxy was that it looked so simple, just a few lines of code in httpd.conf and good to go, plus I was hoping that it would be undetectable, but I'm not sure about that.
My challenge is that some hosts are employing proxy-detection techniques on incoming IPs. Sometimes banning or refusing a connection, sometimes putting the proxied IP on a lower service priority. Not long ago, I did not know it was possible to detect proxies, except for open public proxies.
It makes sense too, doesn't it? Like if you have something that 100,000 spammers want to scrape daily lol, not much bandwidth left for your real visitors. Also, a site like CL where the spammers and scammers want to place their ad in all 50 states, renting proxies all around the country won't help, they are all detectable.
So, squid and other proxy software will not cut the mustard as they are very easily detected (unless heavily modified, which is probably over my skill set).
I will have to write my own perl proxy. I have seen a few perl proxies already written so I can look at those. Then figure out how to make sure it's not detectable.
thanks again, Bomps
perkiset
« Reply #5 on: November 23, 2011, 09:31:17 AM »
A PIA, I agree. The binding you show is similar to the way I've seen it done in other things as well.
I think, given what you're probably up to, a custom proxy is your best bet. And changing signatures often wouldn't be a bad plan.
Good luck mate.