Saturday, December 3, 2011

How to configure 3proxy as http proxy

In some situation, you will need a very light weight http proxy to redirect traffic. For example in my company, there are multi LAN, my LAN is 192.168.11.0/24 with 1Mbps, and another is 192.168.15.0/24 with 25Mbps, so I set a 3proxy on one computer in LAN 192.168.15.0/24. Then I get 25Mbps when I access through my proxy.

To set up 3proxy as http proxy following instruction below:

1. download 3proxy from http://3proxy.ru/download/
2. then extract it to a folder
3. create a configuration file, what us need to change is highlight with  red


nserver 203.189.128.2   #dns server
nserver 203.189.128.1   #dns server
# nscache is good to save speed, traffic and bandwidth
nscache 65536

#nsrecord porno.security.nnov.ru 0.0.0.0
# nobody will be able to access porno.security.nnov.ru by the name.
#nsrecord wpad.security.nnov.ru www.security.nnov.ru
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for
# clients


timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values

users dara:CL:dara              # username dara password dara, use for authentication
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" required, overvise $... is treated as include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
#users $/usr/local/etc/3proxy/passwd
# this example shows you how to include passwd file. For included files
# <CR> and <LF> are treated as field separators.

#daemon
# now we will not depend on any console (daemonize). daemon must be given
# before any significant command on *nix.

service
# service is required under NT if you want 3proxy to start as service

#log /usr/local/etc/3proxy/logs/3proxy.log D
#log c:\3proxy\logs\3proxy.log D
# log allows to specify log file location and rotation, D means logfile
# is created daily

#logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
#Compatible with Squid access.log:
#
#"- +_G%t.%. %D %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#or, more compatible format without %D
#"- +_G%t.%.      1 %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#
#Compatible with ISA 2000 proxy WEBEXTD.LOG (fields are TAB-delimited):
#
#"-    + L%C    %U    Unknown    Y    %Y-%m-%d    %H:%M:%S    w3proxy    3PROXY    -    %n    %R    %r    %D    %O    %I    http    TCP    %1-1T    %2-2T    -    -    %E    -    -    -"
#
#Compatible with ISA 2004 proxy WEB.w3c
#
#"-    + L%C    %U    Unknown    %Y-%m-%d    %H:%M:%S    3PROXY    -    %n    %R    %r    %D    %O    %I    http    %1-1T    %2-2T    -    %E    -    -    Internal    External    0x0    Allowed"
#
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
#
#"-    + L%C    %U    unnknown:0:0.0    N    %Y-%m-%d    %H:%M:%S    fwsrv    3PROXY    -    %n    %R    %r    %D    %O    %I    %r    TCP    Connect    -    -    -    %E    -    -    -    -    -"
#
#Compatible with HTTPD standard log (Apache and others)
#
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" %E %I"
#or more compatible without error code
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" 200 %I"

# in log file we want to have underscores instead of spaces
logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"

archiver rar rar a -df -inul %A %F

rotate 30
# We will keep last 30 log files

auth iponly

external 192.168.0.0/16
# external is address 3proxy uses for outgoing connections. 0.0.0.0 means any
# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1

internal 192.168.15.253          #IP address of computer running 3proxy

auth none
# no authentication is requires

dnspr

#external $./external.ip
#internal $./internal.ip
# this is just an alternative form fo giving external and internal address
# allows you to read this addresses from files

auth strong
# We want to protect internal interface
deny * * 127.0.0.1,192.168.1.1
# and llow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -n -p455         #set it to listen on port 455, if we keep default it will listen on port 3128

auth none
# pop3p will be used without any authentication. It's bad choice
# because it's possible to use pop3p to access any port
pop3p

tcppm 25 mail.my.provider 25

auth strong
flush
allow 3APA3A,test
maxconn 20
socks
# for socks we will use password authentication and different access control -
# we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location


auth strong
flush
internal 127.0.0.1
allow 3APA3A 127.0.0.1
maxconn 3
admin


4. it is time to run it, open cmd then change directory to 3proxy bin directory
 C:\Users\Downloads\tes\bin>3proxy.exe ..\cfg\3proxy.cfg.sample

 (execute 3proxy with its configuration that we just edited.)


 NOTE
the 3proxy configuration file sample is contained in its package
  




2 comments:

  1. Thank you, this is very helpful and worked perfectly.

    ReplyDelete
  2. At the point when a client on the Internet asks for information from a web serverprotected by an invert proxy, the switch proxy blocks the demand andensures that the information contained in the demand is satisfactory. mexico web proxy

    ReplyDelete