TWiki> Main Web>Computing>WebProxy (2023-10-18, WilliamSeligman) EditAttach

Web proxies

While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available: a web proxy, and VPN. This page discusses a web proxy, a way to route all your web browser's traffic securely via proxy.nevis.columbia.edu.

It's a good idea to check out these secure network warnings before you start.

Why use a web proxy?

It has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an example.

In particular, laptops that connect using public wireless networks are especially vulnerable to having their web sessions "hijacked." As the article states, one way to solve this problem is through a web proxy, that is, an intermediate server that re-directs all the network traffic from your web browser. Since a good fraction of the scientists associated with Nevis have laptops that they use on public networks such as those at airports, it makes sense to have a web proxy server at Nevis.

The Nevis proxy server

  • The advantage of this method versus VPN is that it doesn't involve the installation of any new programs (unless you use Windows).

  • The disadvantage is that it's harder to set up.

To make a secure connection to a proxy server requires two steps:

Forward a secure port from your laptop to the web proxy

The simplest way to accomplish this step is to use SSH.

Important: The following commands create an SSH session that runs as a background process. It can be cut off by anything that would cut off a regular SSH session; e.g., closing the lid of your laptop to put it in hibernation, then going to another airport. You must enter the following command every time you want to set up port forwarding. (Yes, this is the biggest pain of this entire process. This may be a good time to learn about command aliases.)

Mac or Linux

If your laptop runs Mac OS X or Linux, ssh will already be installed. Open a terminal window and type the following command: 

ssh -fxNL 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.edu
where <user> is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an ssh private key).

Windows

Install mobaXterm if you have not already done so. This web page contains instructions for setting up port forwarding. Note that you want to forward port 8888 on your localhost to port 3128 on proxy.nevis.columbia.edu.

Set up the proxy in your web browser

This is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again.

Typically this is configured in a option with a name like "Change how your browser connects to the internet" or just "configure proxy." You want to connect via localhost:8888.

Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r11 - 2023-10-18 - WilliamSeligman
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback