WebProxy < Main

Main Web>Computing>WebProxy (2020-08-27, WilliamSeligman) (raw view)
---+ Web proxies

<div style="float:right; background-color:#EBEEF0; margin:0 0 20px 20px; padding: 0 10px 0 10px;">
%TOC{title="On this page:"}%
</div>

While you work inside Nevis, your computers are protected by our firewall. When you use a system outside of Nevis, you can still take advantage of our network security by making a secure connection. There are two types available: a web proxy, and [[VPN]]. This page discusses two forms of web proxies:

   * =proxy.nevis.columbia.edu=, a way to route all your web browser's traffic securely;
   * !WebVPN, to make individual secure connections within your web browser.

It's a good idea to check out these [[secure network warnings]] before you start. 

---++ Why use a web proxy? 

It has now become trivially easy to "hijack" an insecure network connection on a public network. Here is an [[http://www.csoonline.com/article/629565/new-firefox-add-on-hijacks-facebook-twitter-sessions?source=CSONLE_nlt_update_2010-10-26][example]].

In particular, laptops that connect using public wireless networks are especially vulnerable to having their web sessions "hijacked." As the article states, one way to solve this problem is through a [[http://en.wikipedia.org/wiki/Web_proxy][web proxy]], that is, an intermediate server that re-directs all the network traffic from your web browser. Since a good fraction of the scientists associated with Nevis have laptops that they use on public networks such as those at airports, it makes sense to have a web proxy server at Nevis.

---++ The Nevis proxy server

   * The advantage of this method (versus !WebVPN or [[VPN]] below) is that it doesn't involve the installation of any new programs (unless you use Windows), and that your bookmarks and other browser features can be used unchanged. 

   * The disadvantage is that it's harder to set up. 

To make a secure connection to a proxy server requires two steps:

---+++ Forward a secure port from your laptop to the web proxy

The simplest way to accomplish this step is to use [[http://www.nevis.columbia.edu/cgi-bin/man.sh?man=ssh][SSH]]. 

*Important:* The following commands create an SSH session that runs as a background process. It can be cut off by anything that would cut off a regular SSH session; e.g., closing the lid of your laptop to put it in hibernation, then going to another airport. You must enter the following command every time you want to set up port forwarding. (Yes, this is the biggest pain of this entire process. This may be a good time to learn about command [[http://en.wikipedia.org/wiki/Alias_%28command%29][aliases]].) 

---++++ Mac or Linux

If your laptop runs Mac OS X or Linux, =ssh= will already be installed. Open a terminal window and type the following command:
<verbatim>
ssh -fxNL 8888:proxy.nevis.columbia.edu:3128 <user>@proxy.nevis.columbia.edu
</verbatim>
where =&lt;user&gt;= is the name of your account on the Nevis Linux cluster. You will be prompted to enter your Nevis password (unless you've set up an [[http://en.wikipedia.org/wiki/Ssh-keygen][ssh private key]]).

---++++ Windows

Install [[https://mobaxterm.mobatek.net/][mobaXterm]] if you have not already done so. [[https://sql1.wordpress.com/2018/11/30/ssh-tunneling-using-mobaxterm/][This web page]] contains instructions for setting up port forwarding. Note that you want to forward port 8888 on your =localhost= to port 3128 on =proxy.nevis.columbia.edu=.
 
---+++ Set up the proxy in your web browser

This is a one-time procedure. You may want to turn off the proxy setting off (for example, if you've lost the SSH connection or you're on a secure network) but you normally don't have to type it into your browser preferences again.

Typically this is configured in a option with a name like "Change how your browser connects to the internet" or just "configure proxy." You want to connect via =localhost:8888=. 

---++ The firewall's web proxy server (!WebVPN)

   * The advantage of this method is that it's much easier to set up than the elaborate method above. 

   * The disadvantage is that all the URLs of the web pages you visit are re-written. This may interfere with previously-saved bookmarks and other web-browser features. 

To make a secure web connection using our firewall:

---++++ Connect to the firewall via your web browser.

The URL is =[[https://vpn.nevis.columbia.edu]]=

If you see =Group= menu, select *Nevis* if it's not already selected.

Use the same account name and password from your Nevis Linux cluster account. 

---++++ Using !WebVPN

Look at the top of the web page. You'll see a pop-up menu with both =http://= and =https://= as options. Select the appropriate prefix for the site you're trying to reach, then enter the rest of the URL. Hit =ENTER= to visit that web page. 

That's it! All the links you click on will be routed through the firewall. You'll see that the URL in the browser will always adjust to begin with =vpn.nevis.columbia.edu=. 

To stop using !WebVPN, just close the browser window or tab that has =[[https://vpn.nevis.columbia.edu]]= in its name.
Topic revision: r10 - 2020-08-27 - WilliamSeligman
Main
Webs
ATLAS
DOE
Main
TWiki
Veritas