TWiki> Main Web>Computing>WebProxy (2020-08-27, WilliamSeligman) EditAttach

Web proxies

While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available: a web proxy, and VPN. This page discusses two forms of web proxies:

  • proxy.nevis.columbia.edu, a way to route all your web browser's traffic securely;
  • WebVPN, to make individual secure connections within your web browser.

It's a good idea to check out these secure network warnings before you start.

Why use a web proxy?

It has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an example.

In particular, laptops that connect using public wireless networks are especially vulnerable to having their web sessions "hijacked." As the article states, one way to solve this problem is through a web proxy, that is, an intermediate server that re-directs all the network traffic from your web browser. Since a good fraction of the scientists associated with Nevis have laptops that they use on public networks such as those at airports, it makes sense to have a web proxy server at Nevis.

The Nevis proxy server

  • The advantage of this method (versus WebVPN or VPN below) is that it doesn't involve the installation of any new programs (unless you use Windows), and that your bookmarks and other browser features can be used unchanged.

  • The disadvantage is that it's harder to set up.

To make a secure connection to a proxy server requires two steps:

Forward a secure port from your laptop to the web proxy

The simplest way to accomplish this step is to use SSH.

Important: The following commands create an SSH session that runs as a background process. It can be cut off by anything that would cut off a regular SSH session; e.g., closing the lid of your laptop to put it in hibernation, then going to another airport. You must enter the following command every time you want to set up port forwarding. (Yes, this is the biggest pain of this entire process. This may be a good time to learn about command aliases.)

Mac or Linux

If your laptop runs Mac OS X or Linux, ssh will already be installed. Open a terminal window and type the following command: 

ssh -fxNL 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.edu
where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key).

Windows

Install mobaXterm if you have not already done so. This web page contains instructions for setting up port forwarding. Note that you want to forward port 8888 on your localhost to port 3128 on proxy.nevis.columbia.edu.

Set up the proxy in your web browser

This is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again.

Typically this is configured in a option with a name like "Change how your browser connects to the internet" or just "configure proxy." You want to connect via localhost:8888.

The firewall's web proxy server (WebVPN)

  • The advantage of this method is that it's much easier to set up than the elaborate method above.

  • The disadvantage is that all the URLs of the web pages you visit are re-written. This may interfere with previously-saved bookmarks and other web-browser features.

To make a secure web connection using our firewall:

Connect to the firewall via your web browser.

The URL is https://vpn.nevis.columbia.edu

If you see Group menu, select Nevis if it's not already selected.

Use the same account name and password from your Nevis Linux cluster account.

Using WebVPN

Look at the top of the web page. You'll see a pop-up menu with both http:// and https:// as options. Select the appropriate prefix for the site you're trying to reach, then enter the rest of the URL. Hit ENTER to visit that web page.

That's it! All the links you click on will be routed through the firewall. You'll see that the URL in the browser will always adjust to begin with vpn.nevis.columbia.edu.

To stop using WebVPN, just close the browser window or tab that has https://vpn.nevis.columbia.edu in its name.

Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r10 - 2020-08-27 - WilliamSeligman
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback