Who is this tutorial for?
- This is an advanced topic.
- This tutorial is for the person who needs to access restricted web sites from a location with a restricted internet connection (e.g., work, school). If you need to use instant messenger, ftp, and other non-web (HTTP/S) protocols, see (Windows) How to Run Your Own Proxy (SOCKS5) or (OS/X) How to Run Your Own Proxy (SOCKS5).
- You should be comfortable installing and configuring software.
- You should have a decent understand of the internet and networks in general
- You should know what a proxy is (read this if you don’t).
- An unrestricted internet connection. Perhaps you have this at home (instead of school/work) or at a friend’s house.
- A computer which you can leave turned on while you’re at school, work, or wherever the restricted internet connection is.
- Download the latest version of Apache httpd from here. Click the “Other files” link to download binaries.
- Install. For Windows, it’s just like any other Windows installation. You’ll be prompted for a few things during installation like domain name. You can enter your IP address or, better yet, get a free dynamic domain name at no-ip.com or DynDNS.org. On Windows, you should choose the option to install as a service. Otherwise, you’ll have an annoying command-prompt on your desktop when apache runs.
- Open the file httpd.conf installed by apache. This is the configuration file for the web server. On Windows, the default location is c:\Program Files\Apache Group\Apache2\conf\httpd.conf. Comments in the file start with “#”.
- Around line 120, you’ll see Listen 8080 or Listen 80. Change this to the port on which you’d like to expose the proxy server. If this proxy server will be running on a residential cable/DSL connection, many ISPs prevent inbound connections on to residential connections on ports 80 and 25 as well as others. To find out which inbound ports your ISP prevents connection to, find the FAQ for your ISP at dslreports.com. Additionally, if you will be connecting to this proxy server from a corporate environment, be aware that some corporate firewalls only permit outbound connections on a few ports to machines outside their firewall. Often outbound ports 21, 23, 80, and 443 are permitted because they are typically used for FTP, telnet, HTTP, and SSL, respectively.
- If your IP address is in one of these ranges:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
you are most likely behind a router using NAT addressing. If so, configure port forwarding on your router to forward the port you chose in the previous step to the NAT’d IP address of the PC which will run apache httpd (e.g., 198.168.x.x).
- Uncomment the following lines by removing the leading “#”
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
- Add the following to the end of the file:
Deny from all
Allow from aaa.bbb.ccc.ddd
where aaa.bbb.ccc.ddd is the IP address of the remote machine which will connect to your PC. If you omit the green text, you will be running an open proxy. FoxyProxy does not endorse or condone open proxies.
- Save the file and start apache. On Windows, this is done either from the Start Menu or from the Service Control Panel (if you installed apache httpd as a service).
Apache can cache web server responses, such as commonly-used images, to speed things up. HTTPS responses are not cached due to security restrictions. To enable caching, add the following to the end of http.conf:
# This sets up caching to disk.
# You can setup caching to memory if you prefer.
LoadModule disk_cache_module modules/mod_disk_cache.so
CacheEnable disk /
# Read this for info about the above options
# Read this for info on cleaning the cache
Configuring FoxyProxy to Use Your Proxy
What if my unrestricted internet connection has a dynamic IP address?
If your ISP periodically changes your IP address as many cable/dsl ISPs do, get a free No-IP or DynDNS account. These services grant you a free domain name; for example, myproxy.bounceme.net. You run client software on your PC which “phones home” to DynDNS/No-IP every 30 minutes, informing them of your current IP address. Note that many modern consumer-oriented routers from Linksys, Netgear, D-Link, etc. have this software built-in so you don’t need to run a client on your PC.