All Questions
73 questions
1
vote
0
answers
157
views
Implementing a forward proxy for internet bound traffic in AWS
Say I have a few internal services living in a private subnet that need to make external API calls. To achieve this, I implement a lambda living in another VPC that makes the call on their behalf. Now ...
- 11
0
votes
0
answers
32
views
Two Squid Chaining but different IP segment
Can two proxy servers be chained together, where one server has access to the internet and the other can only access internal networks? How can I configure this setup?
IP addresses information:
...
0
votes
1
answer
1k
views
ProxyJump asks for the same password twice
For my work, I have to connect to a remote server. The connection is via a simple SSH and with only one password (no authentication file is needed).
For more clarity, I connect like this:
Do ssh user@...
- 101
0
votes
0
answers
860
views
how to setup socks5 proxy server on centos9 for network access behind firewall?
I need a socks proxy on centos 9, to access services from an (internal) network behind a firewall.
It should be a socks 5 proxy (dynamic port forwarding) that can only be used by the configured ssh ...
- 99
1
vote
1
answer
831
views
Is basic Username authentication is enough for Dante SOCKS proxy?
so I'm making a SOCKS5 proxy for WebSocket connections and some HTTP calls on a few VMs in DO.
The idea is that traffic from K8S cluster would go through the proxies so I could whitelist the IPs on ...
- 21
1
vote
1
answer
620
views
HTTP CONNECT requests in Apache web server log
I have an Apache webserver which serves the domain www.mypersonaldomain.com and I found these entries (and more like these) in access log.
88.218.227.227 - - [28/May/2021:08:56:29 +0000] "CONNECT ...
- 13
3
votes
1
answer
1k
views
Apache CONNECT request logs - should I be concerned?
I was going through my Apache2 access logs this evening, when I found what appear to be CONNECT requests in the log file:
...
5*.**.***.**8 - - [28/Jan/2021:21:40:41 +0000] "GET http://www....
- 133
0
votes
0
answers
33
views
Can a proxy server like Cloudflare access all files in server and can read and write them, and if it can how to disable it
How to stop a proxy server from reading, writing files in origin server.
And if I changed name servers of another server and that another server can behave like a proxy and can it access all files ...
0
votes
0
answers
196
views
Proxy local webserver blindly to external port, so internal resources don't have to be exposed
I have a dedicated webserver running CentOS 7 minimal, I am using HaProxy as my edge server and NginX as my internal application server.
What I would like to do, is set up a small admin area for ...
- 107
-2
votes
1
answer
43
views
Which kind of proxy service should I install on my dedicated web server? [closed]
I have a dedicated server and would like to install proxy on my server so that I secure it. I'm not sure which type of proxy is suitable for me. Any help clarifying what is web proxy and what is the ...
0
votes
2
answers
84
views
Should servers use proxy for security?
I have set up proxy (using Sophos gateway) for PC's and we are using whitelist (so users can only access web pages that are allowed).
Is it good security practise to use proxy on servers too?
What ...
0
votes
2
answers
4k
views
Is my Dante SOCKS5 configuration "Secure"?
I realize "secure" is a very loaded definition.
I need to connect to an SFTP logging server (user/pass only, no ssh key).
The SFTP server has IP whitelisting, and all my server IP's are dynamic. I ...
- 189
1
vote
1
answer
2k
views
Apache ProxyRemote does nothing
On Ubuntu server 18.04 running Apache 2.4, I'd like to pass all Apache's outgoing requests to a forward proxy so that I can filter out some URLs for security reasons (using Tinyproxy).
It seems that ...
- 566
1
vote
0
answers
322
views
Should I encrypt connections within my docker network to improve security?
Setup information:
My current docker setup consists of the following containers:
proxy and load balanceing server (HAproxy)
http server (apache)
multiple websocket servers (ratchet php)
database ...
0
votes
1
answer
175
views
access unexposed services on remote machine
I have services running (in docker containers) on a remote server for which I have ssh access.
These services are admin apis that I'd prefer not to expose to the world(I don't really fancy setting up ...
- 111
1
vote
2
answers
6k
views
Is there any way to cache or forward https requests to an http proxy using Squid?
I currently have squid setup to use a self-signed certificate for MITM to cache HTTPS requests. This works. If an item is not in the cache I want to request from an online proxy like Crawlera. ...
- 143
1
vote
1
answer
4k
views
Dante (SOCKS server) user.unprivileged and user.unprivileged options cause failure during startup
I'm trying to setup Dante 1.4.2 on my Ubuntu 18.04 server but getting a strange behavior from Dante:
Jun 12 01:33:22 (1528760002.119429) danted[8854]: error: /etc/danted.conf: problem on line 93 near ...
- 121
0
votes
0
answers
693
views
IIS & NGINX DDOS Protection
I have a Windows 2012 R2 server with IIS currently set up on it and I was wondering what my options were to make this DDOS Protected. I've seen Remote DDOS Protection available from various sites but ...
- 31
0
votes
1
answer
8k
views
How to connect to FTP server when port 21 is blocked by my ISP? [closed]
I am trying to connect to a shared hosting FTP server via port 21 but its blocked by my ISP. I'm using an internet dongle. I'm travelling and must use the dongle since there is no other wired internet ...
- 560
0
votes
1
answer
708
views
cntlm on linux server
I have a local linux server PC, for a small subnetwork cluster. The server accesses internet using CNTLM (since I am behind a corporate NTLM proxy). This poses the following security problem.
CNTLM ...
- 405
0
votes
1
answer
591
views
Broadcast IP through Proxy
I see destination IP as 255.255.255.255 when a user trying to access URL. Can anyone explain why and when this will happen. Sample packet
<30>Feb 4 05:55:34 msdsdg mwg: McAfeeWG|time_stamp=[04/...
0
votes
1
answer
33
views
Is it sufficient to apply ssl to the proxy but not the services being proxied?
I was wondering if enabling SSL on the proxy is enough but not on the services being proxied. Would there be issues from the outside (on client side) when comms are supposed to be https?
- 1,445
-1
votes
1
answer
58
views
Setting up an ssh authentication server
I have some 30 Media Temple grid servers and I need to manage the access of 15 or so developers to those servers. Is it possible, and more importantly secure, to setup a server who's only job is to ...
Michael Morris
-1
votes
1
answer
111
views
Getting file size before download on a proxy server [closed]
We're working on building a multithreaded proxy file server in C, where we receive a request and retrieve it from another location using the libcurl library.
The library gives you the option of ...
- 169
1
vote
0
answers
1k
views
What are the differences between Blue coat ProxySG and Cisco Ironport?
What are the main differences between ProxySG and Cisco's Ironport Appliances?
I already found out:
Cisco's Ironport:
- is only available as a scalable Hardware Appliance (not Virtual)
- high ...
- 11
2
votes
1
answer
996
views
Can I use a proxy to secure elasticsearch?
I have deployed an open source public web service (elasticsearch) on Ubuntu. Problem is - no security at all (only if you pay).
I've researched a bit about blocking ports only to internal requests ...
- 121
0
votes
2
answers
487
views
mitmproxy device identification
Currently am experimenting with mitmproxy. I have a setup where I can see all the traffic that is running through. I have multiple mobile devices (ios and android). I have installed the mitm ...
- 1
1
vote
2
answers
146
views
From a technical perspective, is my data insecure when using a public VPN like SecurityKiss?
I wonder if I understand well VPN.
I connected to SecurityKiss, they provide a list of TunnelBlick configs. In order you to connect their VPN. (TUnnelBlick is OpenVPN based).
Am I right : your IP is ...
- 155
-1
votes
2
answers
767
views
Creating Virtual Proxy Server
I know this is not this kind of forum, but I can't find anything in google that really answers my question.
Is there possible to create a Proxy server running in a Virtual Machine using only 1 ...
1
vote
0
answers
174
views
Am I being picked up by a proxy sending my IP/request URLs to China? Sketchy
I spun up a new machine on Digital Ocean today which is pre-configured with a web environment. I made an initial request to the new site and found the following (IP address redacted) in my nginx ...
- 168
1
vote
1
answer
369
views
Configurable ftp-proxy with LDAP authentication
I am looking for solution for following situation.
I have bunch of ftp account (many servers) and many users. They need access to that servers. I don't want to give every user passwords to every ...
- 11
1
vote
0
answers
99
views
Owncloud - Proxy changes certificate
I'm running an owncloud server 7.0.2 with apache(Ubuntu host) and configured it to use a self-signed ssl certificate. Everything works fine on my home-PC
On an other machine I would like to use the ...
- 121
3
votes
1
answer
5k
views
PCI Failure due to HTTP Reverse Proxy Detection
We use Security Metrics for our PCI compliance scans. Haven't had any issues in the past but our most recent scan said we failed due to "HTTP Reverse Proxy Detection". I'm guessing this has to do with ...
- 131
1
vote
1
answer
1k
views
What are the security benefits of using a proxy server?
In Wikipedia is written:
Security: the proxy server is an additional layer of defense and can protect against some OS and Web Server specific attacks. However, it does not provide any protection to ...
- 317
1
vote
2
answers
451
views
Filter Websites via Squid
I would like to install Squid to block all the websites and only allow a few websites (whitelist). Each department will have different rules.
For example on the Sales department - all the websites ...
- 703
2
votes
2
answers
892
views
How to configure apache to behave as a remote browser?
For my IT security class summer project, we have to work on different ways to circumvent security measures setup on a school/company network and to explain how these hacks can be detected and avoided.
...
- 519
0
votes
1
answer
192
views
Stop server's use as proxy
I have a vps server on which I have configured apache as a webserver.
Because of unexpected high usage of bandwidth, I checked the access log of my server yesterday.
There were a lot of requests of ...
- 3
1
vote
1
answer
475
views
Apache frontend for Tomcat, proxy security
I have a server that hosts Tomcat for apps and Apache2 for it's frontend.
They communicate to each other through ajp protocol over mod_moxy and proxy_ajp modules.
Am I really safe using apache ...
- 31
3
votes
1
answer
4k
views
How to secure and audit outbound traffic in an enterprise environment?
What follows is a long-winded background to preface the following question: What is the industry best-practice (or what recommendations would you give) for securing outbound traffic in an enterprise ...
- 999
3
votes
4
answers
424
views
Is this iptables NAT exploitable from the external side?
Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple).
On this network there is one internet-connected ...
- 1,164
1
vote
1
answer
82
views
Is it safe to publicly tell the IP of my proxy?
I'm working behind a proxy and I save my code using github.com .
My snippets of java code contain some system parameters to tell java about our proxy:
System.setProperty("http.proxyHost", "...
- 429
2
votes
3
answers
2k
views
How to protect my credit card transaction data from hackers proxy server? [closed]
I have to make several transaction through credit card. Sometimes, unsecured sites due to business.
When transacting through unsecured (have no ssl), is there any way to save my data from hackers ...
- 225
1
vote
1
answer
1k
views
Http server security analyser and sanitizer proxy
I'm looking for software that will monitor all https request coming through our proxy server.
We currently use nginx that proxies to our application servers.
Ideally, the solution will sit between ...
- 149
2
votes
1
answer
3k
views
How to safely store proxy passwords in system-wide linux config files?
I'm working on a VM in a university environment, where several other users also have root access. Take a config file like /etc/rhsm/rhsm.conf:
proxy_hostname =
proxy_port =
proxy_user =
...
- 5,950
2
votes
2
answers
10k
views
Securing Nginx proxy
I'm using Nginx as a proxy for a Java web service.
My config looks like this:
location /webservice {
proxy_read_timeout 240;
proxy_connect_timeout 240;
proxy_pass http://127.0.0.1:...
- 145
1
vote
4
answers
4k
views
What "Syn Proxy Servers" are recommended? Or how to build one?
My questions are:
1.) What is a recommended "SYN PROXY SERVER" to filter bogus SYN Attacks and only forward "handshaked" valid connections to the host behind it (to be protected). I search the term, ...
- 907
3
votes
2
answers
9k
views
How do proxy servers filter https websites?
With my limited knowledge of HTTPS I started wondering: How do proxy servers filter HTTPS websites? I mean adding a proxy server is essentially a MITM attack which is what HTTPS was explicitly ...
- 1,003
1
vote
6
answers
821
views
Ubuntu 10.04 Proxy Server and SSH Server: am I forced to disable ssh to improve security?
I have a Ubuntu 10.04 proxy server exposed to the internet and I have SSH Server on it to manage it from internal LAN and from remote.
It feels simply unsafe, even if I'm using strong passwords...
I ...
- 2,079
2
votes
3
answers
17k
views
How to configure a network to block gmail but allow google apps mail?
Google app mail loads via http://mail.google.com/a/[domain] and gmail loads via http://mail.google.com/mail.
How can I block computers on my LAN from accessing gmail urls but at the same time permit ...
- 41
0
votes
2
answers
273
views
proxy server for virtual machines
I run a series of virtual machines on a server in which people connect to via Vnc. The computers are mostly used for penetration testing so the people involved are pretty techy.
My dilemma is that ...
- 3