Saturday, December 3, 2011

How to configure 3proxy as http proxy

In some situation, you will need a very light weight http proxy to redirect traffic. For example in my company, there are multi LAN, my LAN is with 1Mbps, and another is with 25Mbps, so I set a 3proxy on one computer in LAN Then I get 25Mbps when I access through my proxy.

To set up 3proxy as http proxy following instruction below:

1. download 3proxy from
2. then extract it to a folder
3. create a configuration file, what us need to change is highlight with  red

nserver   #dns server
nserver   #dns server
# nscache is good to save speed, traffic and bandwidth
nscache 65536

# nobody will be able to access by the name.
# will resolve to for
# clients

timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values

users dara:CL:dara              # username dara password dara, use for authentication
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" required, overvise $... is treated as include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
#users $/usr/local/etc/3proxy/passwd
# this example shows you how to include passwd file. For included files
# <CR> and <LF> are treated as field separators.

# now we will not depend on any console (daemonize). daemon must be given
# before any significant command on *nix.

# service is required under NT if you want 3proxy to start as service

#log /usr/local/etc/3proxy/logs/3proxy.log D
#log c:\3proxy\logs\3proxy.log D
# log allows to specify log file location and rotation, D means logfile
# is created daily

#logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
#Compatible with Squid access.log:
#"- +_G%t.%. %D %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#or, more compatible format without %D
#"- +_G%t.%.      1 %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#Compatible with ISA 2000 proxy WEBEXTD.LOG (fields are TAB-delimited):
#"-    + L%C    %U    Unknown    Y    %Y-%m-%d    %H:%M:%S    w3proxy    3PROXY    -    %n    %R    %r    %D    %O    %I    http    TCP    %1-1T    %2-2T    -    -    %E    -    -    -"
#Compatible with ISA 2004 proxy WEB.w3c
#"-    + L%C    %U    Unknown    %Y-%m-%d    %H:%M:%S    3PROXY    -    %n    %R    %r    %D    %O    %I    http    %1-1T    %2-2T    -    %E    -    -    Internal    External    0x0    Allowed"
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
#"-    + L%C    %U    unnknown:0:0.0    N    %Y-%m-%d    %H:%M:%S    fwsrv    3PROXY    -    %n    %R    %r    %D    %O    %I    %r    TCP    Connect    -    -    -    %E    -    -    -    -    -"
#Compatible with HTTPD standard log (Apache and others)
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" %E %I"
#or more compatible without error code
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" 200 %I"

# in log file we want to have underscores instead of spaces
logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"

archiver rar rar a -df -inul %A %F

rotate 30
# We will keep last 30 log files

auth iponly

# external is address 3proxy uses for outgoing connections. means any
# interface. Using is not good because it allows to connect to

internal          #IP address of computer running 3proxy

auth none
# no authentication is requires


#external $./external.ip
#internal $./internal.ip
# this is just an alternative form fo giving external and internal address
# allows you to read this addresses from files

auth strong
# We want to protect internal interface
deny * *,
# and llow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -n -p455         #set it to listen on port 455, if we keep default it will listen on port 3128

auth none
# pop3p will be used without any authentication. It's bad choice
# because it's possible to use pop3p to access any port

tcppm 25 25

auth strong
allow 3APA3A,test
maxconn 20
# for socks we will use password authentication and different access control -
# we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location

auth strong
allow 3APA3A
maxconn 3

4. it is time to run it, open cmd then change directory to 3proxy bin directory
 C:\Users\Downloads\tes\bin>3proxy.exe ..\cfg\3proxy.cfg.sample

 (execute 3proxy with its configuration that we just edited.)

the 3proxy configuration file sample is contained in its package


  1. Thank you, this is very helpful and worked perfectly.

  2. At the point when a client on the Internet asks for information from a web serverprotected by an invert proxy, the switch proxy blocks the demand andensures that the information contained in the demand is satisfactory. mexico web proxy