DIFFERENCE BETWEEN DEDICATED PROXY AND SEMI DEDICATED PROXY
There are various types of proxies available, from private/dedicated to shared proxies. Although all types of proxies work in the same basic way, they differ considerably from each other.
LET’S UNDERSTAND HOW EXACTLY A PROXY WORKS BEFORE DIVING INTO THEIR DIFFERENT TYPES:
A proxy is usually described as a middleman or, in more technical terms, an “interface” between the home network and the global or public network. It separates the user from the destination website. The functionality changes depending on what exactly the proxy is being used for.
After setting up the proxy, when you send out any request to the internet, the following process takes place:
- The request first goes to the proxy server from the user
- The proxy server then sends or forwards the request to the destination address
- The response from the destination address, depending on the configuration, flows back through the proxy server to the user
Proxies can be configured to do much more than just forward website traffic. They can be configured to filter or block requests in a shared network; this is especially used by system administrators. Proxies can be used as a cache server as well, thus speeding up your internet browsing.
AS WE NOW KNOW HOW PROXIES WORK, IT IS KEY TO KNOW THEIR VITAL BENEFITS:
PROXIES CAN BE SET UP TO CONTROL AN ORGANIZATION’S NETWORK OR EVEN PARENTAL CONTROL
Once a proxy is configured, all requests go through it, so organizations use it to monitor and control internet traffic. When you are working, the company doesn’t want you to access anything but work-related material, so the proxy is used to block certain websites; if you try to access them, you will be greeted with a message saying that you are not allowed to browse the site. It can also be used for logging: even if a website is not blocked, the organization will know how much time an employee spent on a particular website.
A PROXY CAN IMPROVE THE INTERNET SPEED BY CACHING, THUS SAVING BANDWIDTH
The overall speed of browsing can be improved by using a proxy. A proxy server can store a copy of a website that is accessed frequently; this process is called caching. When you try to access a website, the proxy checks whether a copy of that website is on the server and, if so, shows that copy to the user. So when multiple users request the same website through the proxy server, only one request is actually sent to the end website server, and for the rest of the requests a copy of that website is shown. This immensely reduces bandwidth usage and improves overall efficiency.
ONE STEP AHEAD IN TERMS OF PRIVACY
A proxy server will hide your original IP address, and various other parameters can also be hidden from the destination server, so the destination server will never know that the request was made from a proxy server. This type of proxy is also called an elite proxy.
SECURITY CAN BE AN ADDED BENEFIT
Proxy servers can be configured to encrypt the data that is being sent between the user and the destination website. Some organizations use a proxy along with a VPN to give remote staff access to the company’s network.
GET AROUND GEO RESTRICTIONS
Services like Netflix, Hulu, etc. implement geo restriction. This means that they restrict their content to a particular country, for example the USA, and if you access the same content from a country other than the USA, you will get a message saying “This content is unavailable in your region”.
The provider implements this by detecting your IP address, which reveals your actual location. By using a proxy, you can mask your IP and spoof your location, thereby accessing restricted content.
DEDICATED PROXY:
As the name suggests, this type of proxy is used exclusively by one user. In practice, such proxies are useful for SEO, social media, marketing, etc. As these proxies are not shared with any other users, the speed and performance are always better.
SEMI DEDICATED:
Proxies that are neither completely shared nor dedicated are called semi dedicated proxies. These types of proxies are shared among a group of 2–3 users.
Compared to dedicated proxies, there will be a lag in performance, but if you are on a budget, this is the way to go.
BELOW ARE THE STEPS TO CONFIGURE PROXY ON CENTOS 7
We will be using the Squid proxy for configuration. Squid is an open source proxy with caching technology. It supports protocols like HTTP, HTTPS, etc. Follow the steps below to configure the Squid proxy on CentOS.
The first step to follow is updating the packages in the system:
yum -y update
If you are using the normal yum repository, you will be unable to install Squid. This process needs the EPEL repository. Use the following command to install EPEL
yum -y install epel-release
yum -y update
yum clean all
Use the below command to install Squid proxy
yum -y install squid
After installation, use the below command to start the service
systemctl start squid
The process of starting Squid can be automated during boot by the following command
systemctl enable squid
Below command can be used to check the status of the service
systemctl status squid
The above command produces the following result
[root@ip-172-31-23-60 ~]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-11-11 05:36:10 UTC; 5min 36s ago
 Main PID: 4416 (squid)
   CGroup: /system.slice/squid.service
           ├─7426 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─7428 (squid-1) -f /etc/squid/squid.conf
           └─7429 (logfile-daemon) /var/log/squid/access.log

Nov 16 04:06:10 ip-162-31-13-60 systemd[1]: Starting Squid caching proxy...
Nov 16 14:36:10 ip-162-31-13-60 systemd[1]: Started Squid caching proxy.
Nov 16 04:06:10 ip-162-31-13-60 squid[7416]: Squid Parent: will start 1 kids
Nov 16 14:36:10 ip-162-31-13-60 squid[7416]: Squid Parent: (squid-1) process...d
Hint: Some lines were ellipsized, use -l to show in full.
To check the different options available with Squid, use the below command
squid -h
The above command produces the following result
[root@ip-162-31-13-60 ~]# squid -h
Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]
       -a port   Specify HTTP port number (default: 3128).
       -d level  Write debugging to stderr also.
       -f file   Use given config-file instead of /etc/squid/squid.conf
       -h        Print help message.
       -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
                 Parse configuration file, then send signal to running copy (except -k parse) and exit.
       -s | -l facility
                 Enable logging to syslog.
       -u port   Specify ICP port number (default: 3130), disable with 0.
       -v        Print version.
       -z        Create missing swap directories and then exit.
       -C        Do not catch fatal signals.
       -D        OBSOLETE. Scheduled for removal.
       -F        Don't serve any requests until store is rebuilt.
       -N        No daemon mode.
       -R        Do not set REUSEADDR on port.
       -S        Double-check swap during rebuild.
       -X        Force full debugging.
       -Y        Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.
Using the command squid -v you will get the Squid version and the configure options it was built with
[root@ip-162-31-13-60 ~]# squid -v
Squid Cache: Version 3.3.8
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'LDFLAGS=-Wl,-z,relro -pie -Wl,-z,relro -Wl,-z,now' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
The proxy server IP can now be configured in the browser with port 3128 but will only work locally.
The main configuration file for Squid can be found under /etc/squid/squid.conf
THE BELOW COMMANDS WILL HELP YOU CONFIGURE SQUID
Squid is configured by editing /etc/squid/squid.conf. To open the file, use the following command. This uses the nano editor, but you can use any editor of your choice
nano /etc/squid/squid.conf
The file will look like the following
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
To allow a range of IP addresses to access the internet through the proxy server, add the line below to the ACL section of the file. Here we will be allowing the range 107.168.24.0 to 107.168.24.255
acl localnet src 107.168.24.0/24
After adding the above line, the ACL section will look like this
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 107.168.24.0/24 #Your newly added ACL
Now use systemctl restart squid to restart the Squid server
YOU CAN ALSO DEFINE WHICH PORT TO ALLOW FOR HTTP CONNECTIONS
The following ports are allowed by default by the Squid server
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
Now if you wish to allow a particular port through the proxy, the following line can be added to the file. Here we will be using port 1212
acl Safe_ports port 1212
Use systemctl restart squid to restart the server after the changes are saved.
You have now configured a proxy that can access the internet using a particular port.
CONCLUSION:
Now we know the difference between dedicated and semi dedicated proxies. The steps to configure one using Squid should also be clear, but if you are not sure how to set it up, it is recommended to take advice from a server administrator.