Saturday, December 3, 2011

How to configure 3proxy as http proxy

In some situation, you will need a very light weight http proxy to redirect traffic. For example in my company, there are multi LAN, my LAN is 192.168.11.0/24 with 1Mbps, and another is 192.168.15.0/24 with 25Mbps, so I set a 3proxy on one computer in LAN 192.168.15.0/24. Then I get 25Mbps when I access through my proxy.

To set up 3proxy as http proxy following instruction below:

1. download 3proxy from http://3proxy.ru/download/
2. then extract it to a folder
3. create a configuration file, what us need to change is highlight with  red


nserver 203.189.128.2   #dns server
nserver 203.189.128.1   #dns server
# nscache is good to save speed, traffic and bandwidth
nscache 65536

#nsrecord porno.security.nnov.ru 0.0.0.0
# nobody will be able to access porno.security.nnov.ru by the name.
#nsrecord wpad.security.nnov.ru www.security.nnov.ru
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for
# clients


timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values

users dara:CL:dara              # username dara password dara, use for authentication
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" required, overvise $... is treated as include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
#users $/usr/local/etc/3proxy/passwd
# this example shows you how to include passwd file. For included files
# <CR> and <LF> are treated as field separators.

#daemon
# now we will not depend on any console (daemonize). daemon must be given
# before any significant command on *nix.

service
# service is required under NT if you want 3proxy to start as service

#log /usr/local/etc/3proxy/logs/3proxy.log D
#log c:\3proxy\logs\3proxy.log D
# log allows to specify log file location and rotation, D means logfile
# is created daily

#logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
#Compatible with Squid access.log:
#
#"- +_G%t.%. %D %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#or, more compatible format without %D
#"- +_G%t.%.      1 %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#
#Compatible with ISA 2000 proxy WEBEXTD.LOG (fields are TAB-delimited):
#
#"-    + L%C    %U    Unknown    Y    %Y-%m-%d    %H:%M:%S    w3proxy    3PROXY    -    %n    %R    %r    %D    %O    %I    http    TCP    %1-1T    %2-2T    -    -    %E    -    -    -"
#
#Compatible with ISA 2004 proxy WEB.w3c
#
#"-    + L%C    %U    Unknown    %Y-%m-%d    %H:%M:%S    3PROXY    -    %n    %R    %r    %D    %O    %I    http    %1-1T    %2-2T    -    %E    -    -    Internal    External    0x0    Allowed"
#
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
#
#"-    + L%C    %U    unnknown:0:0.0    N    %Y-%m-%d    %H:%M:%S    fwsrv    3PROXY    -    %n    %R    %r    %D    %O    %I    %r    TCP    Connect    -    -    -    %E    -    -    -    -    -"
#
#Compatible with HTTPD standard log (Apache and others)
#
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" %E %I"
#or more compatible without error code
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" 200 %I"

# in log file we want to have underscores instead of spaces
logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"

archiver rar rar a -df -inul %A %F

rotate 30
# We will keep last 30 log files

auth iponly

external 192.168.0.0/16
# external is address 3proxy uses for outgoing connections. 0.0.0.0 means any
# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1

internal 192.168.15.253          #IP address of computer running 3proxy

auth none
# no authentication is requires

dnspr

#external $./external.ip
#internal $./internal.ip
# this is just an alternative form fo giving external and internal address
# allows you to read this addresses from files

auth strong
# We want to protect internal interface
deny * * 127.0.0.1,192.168.1.1
# and llow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -n -p455         #set it to listen on port 455, if we keep default it will listen on port 3128

auth none
# pop3p will be used without any authentication. It's bad choice
# because it's possible to use pop3p to access any port
pop3p

tcppm 25 mail.my.provider 25

auth strong
flush
allow 3APA3A,test
maxconn 20
socks
# for socks we will use password authentication and different access control -
# we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location


auth strong
flush
internal 127.0.0.1
allow 3APA3A 127.0.0.1
maxconn 3
admin


4. it is time to run it, open cmd then change directory to 3proxy bin directory
 C:\Users\Downloads\tes\bin>3proxy.exe ..\cfg\3proxy.cfg.sample

 (execute 3proxy with its configuration that we just edited.)


 NOTE
the 3proxy configuration file sample is contained in its package
  




9 comments:

  1. Thank you, this is very helpful and worked perfectly.

    ReplyDelete
  2. At the point when a client on the Internet asks for information from a web serverprotected by an invert proxy, the switch proxy blocks the demand andensures that the information contained in the demand is satisfactory. mexico web proxy

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. When trying to look for a fast server for your VPN,https://novavpn.com/blog/yify/ you need to know the country in which the server is located.

    ReplyDelete
  5. It was a very good post indeed. I thoroughly enjoyed reading it in my lunch time. Will surely come and visit this blog more often. Thanks for sharing. click here

    ReplyDelete
  6. I hope you will share such type of impressive contents again with us so that we can utilize it and get more advantage. click here

    ReplyDelete
  7. This is a great high resolution screen which you have shared for the users. Making a website is not an easy task but managing a good website is really a hard work. As far as this website is concerned, I am very happy. https://privacyonline.com.br

    ReplyDelete
  8. This article gives the light in which we can watch the truth. This is exceptionally decent one and gives indepth data. A debt of gratitude is in order for this decent article.  getmoreprivacy

    ReplyDelete
  9. A fascinating dialog is value remark. I feel that it is best to compose more on this matter, it may not be an unthinkable theme however generally people are insufficient to chat on such subjects. To the following. Salud. https://www.lemigliorivpn.com

    ReplyDelete