Archive

Posts Tagged ‘Proxy’

Authenticating through a proxy when the app has no option to do so

January 20, 2011 1 comment

Sometimes, you work in an environment where all web queries run through a proxy server and the proxy requires authentication . .

Then sometimes, you use apps that need to access the web . . and they don’t have a method of inputting Username and Password for Web connections.

The easy way to fix this is with a Squid Proxy (effectively, run a proxy server locally . . that authenticates to your web proxy)
All you need to do is use the following configuration settings:

# Listen only local interface rc:
http_port 127.0.0.1:3128

# Parent proxy (192.168.1.253:8080) and Authentication settings
cache_peer 192.168.1.253 parent 8080 0 no-query default login=User:Passwd

# No direct access
never_direct allow all

Of course, you may not have a Linux box available for you to run a Squid proxy . . Squid can compile and run on Windows as a system service using the Cygwin emulation environment

Alternatively and more easily, get a compiled version of Squid for Windows like : www.reaper-x.com/2006/07/18/complete-guide-on-installing-and-configuring-squid-proxy-server-for-windows/

Here’s a quick how to:

  1. Download the latest package from the above link
  2. Extract it (I extracted to c:squid for my example)
  3. Rename *.conf.default to *.conf for all files in c:squidetc
  4. Open the file squid.conf (Notepad / VI or whatever you favour)
  5. Amend the file as above – Save and exit . . .or use the file below if you’re battling and just replace the username / password, IP addresses and DNS servers

If you are battling, you could use the following file and simply edit the row starting with dns_nameservers
and the row starting with cache_peer

6. Now from a dos box, just run the following commands:
mkdir c:\squid\var\cache
c:\squid\sbin\squid -D

(this will start the Squid and ignore the DNS check it normally does at startup)

7. At this point your squid server is running. You should be able to point the proxy server for any app at 127.0.0.1:3128 and the authentication will be handled by the squid proxy. As a test I user the “Android SDK and AVD manager” which only allows specifying of Proxy, but not of credentials . . and all downloads ran properly.

Sample File

# [START - Copy from after this]
# HTTP Port (in this tutorial squid will run on localhost at port 3128)
http_port 127.0.0.1:3128
# ICP Port and HTCP Port (we’ll disable this since we are not going to use it)
icp_port 0
htcp_port 0
# Cache Peer (we’ll forward all request into parent proxy)
cache_peer 192.168.1.1 parent 8080 0 no-query default login=username:password #amend these . .the IP is the Proxy, and Username and Password need replacing.
# Cache directory (in this example i was using 30 MB space to store squid cache)
# cache_dir awin32 c:/squid/var/cache 3000 16 256
# access_log
access_log c:/squid/var/logs/access.log squid
# cache_log
cache_log c:/squid/var/logs/cache.log
# cache_store_log
cache_store_log none
# mime_table
mime_table c:/squid/etc/mime.conf
# pid_filename
pid_filename c:/squid/var/logs/squid.pid
# unlinkd_program
unlinkd_program c:/squid/libexec/unlinkd.exe
# refresh_pattern (you can configure this as you like it, to get more hits from a website)
# note: if you change this parameter "refresh_pattern . 1 100% 20160 reload-into-ims ignore-reload” into something else for
# example like "refresh_pattern . 10 100% 20160 reload-into-ims ignore-reload”
# there’ll be some error on some page (Gamefaqs.com for an example) because the page didnt reload correctly after login into Gamefaqs
refresh_pattern ^http://.*.gif$ 1440 50% 20160 reload-into-ims
refresh_pattern ^http://.*.asis$ 1440 50% 20160
refresh_pattern -i .png$ 10080 150% 40320 reload-into-ims
refresh_pattern -i .jpg$ 10080 150% 40320 reload-into-ims
refresh_pattern -i .bmp$ 10080 150% 40320 reload-into-ims
refresh_pattern -i .gif$ 10080 300% 40320 reload-into-ims
refresh_pattern -i .ico$ 10080 300% 40320 reload-into-ims
refresh_pattern -i .swf$ 10080 300% 40320 reload-into-ims
refresh_pattern -i .flv$ 10080 300% 40320 reload-into-ims
refresh_pattern -i .rar$ 10080 150% 40320
refresh_pattern -i .ram$ 10080 150% 40320
refresh_pattern -i .txt$ 1440 100% 20160 reload-into-ims override-lastmod
refresh_pattern -i .css$ 1440 60% 20160
refresh_pattern ^http:// 1 100% 20160 reload-into-ims ignore-reload
refresh_pattern ^ftp:// 240 50% 20160
refresh_pattern ^gopher:// 240 40% 20160
refresh_pattern /cgi-bin/ 0 0% 30
refresh_pattern . 0 100% 20160 reload-into-ims
# Deny requests to unknown ports
# http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# http_access deny CONNECT !SSL_ports
# Block access to Malware & ads farm site
# Insert your own rule here by using
# acl blablabla url_regex -i "path to file”
# or
# acl blablabla url_regex "path to file”
acl all src 0.0.0.0/0.0.0.0
http_access allow all
# http_access deny all
cache_mgr Reaper-X
httpd_suppress_version_string on
visible_hostname Reaper
via off
forwarded_for off
log_icp_queries off
client_db off
never_direct allow all
#Some anonymizing
header_access From deny all
#there’s some website which use referer check
#so its better to disable this
#header_access Referer deny all
header_access WWW-Authenticate deny all
header_access Link deny all
header_access Warning deny all
header_access Via deny all
header_access User-Agent deny all
header_access Proxy-Connection deny all
header_access X-Forwarded-For deny all
dns_nameservers 192.168.1.2

#[END – Copy to before here]

What we are doing here in effect is running the Squid proxy as a local proxy, that has the authnetication to your Network Proxy already configured. the squid.conf contains the username and passwpord and any request sent from your cliebt via the squid proxy thus has the request redirected and processed using an authenticated connection.

The added bonus of course is that you can set your local squid proxy to cache your web requests, thus in theory having your own local cahing proxy that never requires manual authentication.

Interestingly, if you are normally prompted for authentication when you access your work proxt, you should now stop seeing the prompt, as you dekstop / laptop will never communicate directly with the proxy anymore (unless of course you tell it to)

Happy Days

Advertisements
Categories: Apps, Tech Tips, Toolbox Tags: , , ,