brianirish.com Scientific progress goes *boink*

29 May 2010

Installing an Anonymous Squid Proxy in CentOS 5.5

Purpose: Given access to your own CentOS box, you can set up Squid to make your server a proxy. And not just any proxy - an anonymous proxy (one that will mask your IP address). We'll also go a step further for you, and tell you how you can use this and your local firewall to access Hulu from outside of the United States.
 
Assumptions:

  • You have root access to your CentOS box.
  • You have eyes that are connected to your brain.

Step 1: Squid sure is yummy.
Install the latest Squid from yum:
yum install squid

Step 2: Time to play "EDIT! THAT! CONF!" (applause)
Go on ahead and vi into that brand spanking new squid.conf file:

vi /etc/squid/squid.conf

There are a couple of things we're going to edit in here. By default, Squid installs as a non-anonymous proxy. However, the Squid developers have left behind a very nicely documented conf file, so that even grandma can get in on the action.

Step 2a: Forwarded For OFF!

What we'll do first is keep the client IP address from being recognized. Search for "forwarded_for" and turn it off:

forwarded_for off

Step 2b: Paranoia sets in

Good. Next, we're going to enable the old "http_anonymizer paranoid" feature of Squid. Go ahead and do a search for just that, and uncomment the example they give you:

header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access All deny all

Sweet. The documentation gives a quick and dirty explanation of what this does, but it's basically fine-tuning your HTTP headers for maximum anonymousness. I love that that's actually a word.

Step 2c: Agent Anonymous, reporting for duty! (Haha, doodie)

Right, the final edit in this wonderful conf file is right beneath our last one, in the header_replace area. You can do a search for TAG: header_replace, but it's just as easy to scroll down a few ticks. Add the following:
header_replace User-Agent anonymous

Step 3: Hello, World! From, Nobody at All

You're done! Restart the Squid service using:
/etc/init.d/squid restart

Change your proxy settings in your browser to point to the IP address of your Squid server (Squid defaults to listening on port 3128). If you don't know how to do that, Google that shit. What am I, a comprehensive tutorial author?
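
The allow-list from Step 2b and the replacement from Step 2c, modelled as an added example (not code from the original post or from Squid): a simplified evaluator that shows which headers of a constructed request survive the rules. It assumes every rule's ACL is "all", as in the lines above; parse_conf, is_allowed and filter_headers are hypothetical names.

```python
# Added example: simplified model of the Step 2b/2c rules, not Squid's own code.
# Assumption: the trailing ACL is always "all", so it is treated as matching.
ALLOW = """Allow Authorization WWW-Authenticate Proxy-Authorization
Proxy-Authenticate Cache-Control Content-Encoding Content-Length Content-Type
Date Expires Host If-Modified-Since Last-Modified Location Pragma Accept
Accept-Charset Accept-Encoding Accept-Language Content-Language Mime-Version
Retry-After Title Connection Proxy-Connection""".split()
CONF = "\n".join(f"header_access {h} allow all" for h in ALLOW)
CONF += "\nheader_access All deny all\nheader_replace User-Agent anonymous\n"

def parse_conf(text):
    """Return ordered header_access rules and the header_replace map."""
    rules, replace = [], {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "header_access":
            rules.append((parts[1].lower(), parts[2] == "allow"))
        elif len(parts) >= 3 and parts[0] == "header_replace":
            replace[parts[1].lower()] = " ".join(parts[2:])
    return rules, replace

def is_allowed(name, rules):
    """First matching rule wins; 'All' applies to every header name."""
    for header, allow in rules:
        if header in (name.lower(), "all"):
            return allow
    return True  # no rule at all for this header: passed through

def filter_headers(headers, rules, replace):
    """Apply the rules; a denied header survives only with its replacement."""
    out = {}
    for name, value in headers.items():
        if is_allowed(name, rules):
            out[name] = value
        elif name.lower() in replace:
            out[name] = replace[name.lower()]
    return out

REQUEST = {  # constructed sample request headers
    "Host": "example.com",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
    "Accept": "text/html",
    "Cookie": "session=abc123",
    "Referer": "http://example.org/start",
    "X-Forwarded-For": "203.0.113.7",
}

if __name__ == "__main__":
    print(filter_headers(REQUEST, *parse_conf(CONF)))
```

In this model User-Agent is rewritten only because the final "All deny all" rule denies it first, and Cookie, Referer and X-Forwarded-For are dropped because they are not on the allow list.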

EXTRA SAUCE: International Hulu Support

Ah, so the whole reason you want this Squid server is to watch Hulu, eh? Now that you've done the hard part in connecting to your very own Squid proxy server, getting to Hulu is quite simple. First, let's double check that your proxy is working as it should.

Visit http://www.whatismyip.com and make sure you see the IP address of your proxy server. Also ensure that underneath it doesn't give you a warning saying that a possible proxy server is connected. That would mean you didn't properly configure Squid to be entirely anonymous. If you've followed my instructions above, then I don't know WTF you've done and you're on your own. Google is your friend now, not me.

Take one last precaution and visit http://releasegeo.hulu.com/geoCheck. You should see "valid false", which means your Geo Location check is valid, and it doesn't think you're using a proxy. Hooray!

Whatever OS you're using, be it Windows, Linux, or OS X, find the easiest way to block OUTGOING ports. In Windows, it's super easy using Windows Firewall. Windows users can follow the guide here: http://maximumpcguides.com/windows-7/block-a-port-in-windows-7s-firewall/ NOTE: If you follow that guide, make sure to use the OUTGOING port blocker, not INCOMING like it tells you. Block outgoing ports 80, 443, and 1935.

If you're using *NIX or OS X, you probably know how to do this shit already. Block outgoing ports 80, 443, and 1935 (ah, that was a good year). Use whatever means necessary!

After your new firewall rules are in place, you should now be able to view videos on Hulu. Depending on your proxy, you *probably* won't get HD videos but hey, it's better than nothing at all.

Comments (1) Trackbacks (0)
  1. Still get a video currently unavailable error when trying to watch videos from Hulu via an EC2 Squid. Blocked 80, 443, 1935 TCP/UDP outgoing.

    The geocheck reports valid false
    Went through the Squid anon steps. whatismyip doesn’t report a possible proxy
    Pandora works fine… I’m stumped

