Вы находитесь на странице: 1из 7

How to set up a proxy server

Block websites and protect your network from malware

Corporate networks always have proxy servers, while on home networks

they're often an overlooked form of defence. But maybe they shouldn't be.

A local proxy server can help to improve the throughput of your broadband
connection, restore order to a troubled network and add another line of
defence against malware infections.

What are proxies?

'Proxy' means substitute. To the computers on the local network, a proxy
server is a substitute for connecting directly to the web. There are several
different types of proxy server. For example, a web proxy server keeps copies
of recently accessed web pages on your hard disk.

When you access a page, the proxy serves the cached version if it's up to
date. This is faster than downloading static files from the site. All internal
computers must use the local web proxy server for it to be effective.

In the settings for your web browser, there's a page to point it at a proxy
server rather than the network's default gateway. This gateway is usually a
router or the computer attached to your broadband modem. Some proxy
servers also block content, especially on corporate networks.

You may be tempted to disable the proxy settings in your browser to view
sites your boss would rather you didn't during work hours. However, to ensure
that everyone on the network uses the proxy to access the internet, system
administrators block all access to the internet at their firewall, except traffic
coming from or going to the proxy. So to access anything outside the local
network, you must use the proxy.

Forcing everyone to use the proxy gives system administrators great control
over what their users can access. The same principle can be used at home by
parents and those simply keen to bolster security.

If you find unexpected access attempts in a firewall's log file from inside a
proxy-protected network, they're probably coming from malware that doesn't
know how to test for a local proxy and has tried to go directly online.

Installing FreeProxy
FreeProxy (or FreeProxy Internet Suite) is a free Windows-based proxy server
that can provide web caching for faster access and is able to block banned
web domains. It works on Windows 7 and should ideally run on its own
computer. The app is available for free from here.
Once downloaded, unzip the file and double-click on the setup application.
When the installation wizard appears, click 'Next' to accept the licence
agreement, the default the destination folder and Start menu folder, then click
'Install'. When the release notes pop up, click 'Next', then 'Finish'. Click Start
and select 'FreeProxy Control Centre'.

Let's begin by configuring and testing FreeProxy for basic use. Open a
command line and enter ipconfig. Press [Enter] and one or more blocks of
information will appear.
Find the one about the server's Ethernet connection (usually the first one that
appears) and note the IP addresses of the default gateway and DNS server.
First, we need to stop relying on DHCP to provide IP addresses on demand
and use a fixed address instead. This is so other computers on the network
can find the proxy server via its address.

In Windows 7 or Vista, open the Control Panel and click 'Network and Internet
| Network and Sharing Centre'. In Windows 7, click 'Change Adaptor Settings'
in the left-hand pane and double-click the 'Local Area Connection'.

In Vista, click on 'Manage network connections' and double-click on the 'Local

Area Connection'.

In XP's Control Panel, double-click 'Network Connections' and then

doubleclick the 'Local Area Connection'. Click 'Properties' and a window will
appear showing the underlying configuration. Double-click the entry in the
protocol list called 'Internet Protocol Version 4 (TVP/Ipv4)'. In XP this is just
called 'Internet Protocol (TCP/IP)'.

Another subwindow will appear, giving details on how the computer gets its IP
address. Click the radio button marked 'Use the following IP address'. Your
default internet gateway (your router) will usually have the address, so enter a different number in the fourth position (,
for example).

If you're not sure if this address is already in use, open a command line and
enter ping If the command hangs and then returns a set of
timeouts, the address isn't in use. Next, enter a subnet mask of
and the IP address of your default gateway in the appropriate input boxes.

Select the 'Use the following DNS server addresses' radio button and enter
the IP address of the DNS server you noted down earlier. This is probably the
same device as the default gateway. Click 'OK' and dismiss the parent

Now we need to make a web browser use the proxy server to access the
internet. On a different networked machine, open Internet Explorer 8 and click
'Tools | Internet Options'. Click 'LAN settings' in the Connections tab.

In the subwindow, select the tickbox labelled 'Use a proxy server for your
LAN'. Enter the address and change the port number to 8080.
Now click 'OK' and dismiss the parent window, then try to surf to a page. The
proxy isn't running, so the browser will eventually time out.

In the FreeProxy Control Centre, click the 'Start/Stop' button and a window will
appear. To start the proxy server, click the 'Start' button in the Console Mode
pane at the bottom.

Windows Firewall may pop up to tell you that it's blocked the program. Ensure
that the option to allow FreeProxy to communicate on your home network is
selected and click 'Allow Access'. Refresh the page in the browser by pressing
[F5]. It should now load properly.

Blocking websites
Proxy servers are often used to block content, and FreeProxy does this
admirably via ban lists. Click 'Ban Lists' on the FreeProxy Control Centre and
the Ban List Manager will appear. Click 'New'.

Ban lists are split into several categories. Click 'Add' to add a category and a
window will appear. Enter a name like Do Not Access. You can define an
action the proxy must take when a user tries to access one of the URLs in the
category, such as redirecting the user to an external URL or showing a
custom error page. Select the 'Standard Response' option and click 'Done'.

To add a URL or IP address to the category, click 'Manage Category Details'.
Click 'Add URL/IP' and enter the destination in the input box. If you're entering
a URL, omit the 'http://www' prefix.

When you've finished, press 'Done'. Confirm that you want to save your
changes and enter a filename for the ban list. So that FreeProxy understands
the type of traffic to ban (in this case HTTP), double-click the default Proxy
entry on the main pane of the user interface. Select your LAN card in the
dropdown Local Binding list and then press 'Permissions'. A subwindow will

Click 'Add Resource' , change the type to 'Ban List URL of IP address' and
press 'Done' on each subwindow to dismiss it.

On the main interface, click 'Options', then click the 'Activate the Ban List?'
tickbox and select the ban list using the file browser below it. Restart the proxy
server and try surfing to a banned site. The browser should load nothing, but
allow you to surf elsewhere.

Creating error pages

To link an error page you've made to a category in your ban list, open the list
again, click the relevant category and change the redirect response to 'Error

Click the folder icon and select the error page. Click 'Open' to select it and
'Done' to finish. Click 'Done' in the Ban List window and agree to save the list
if required. Click 'Done' and restart the proxy.

Now try to access the banned web page. Your custom error page should

To log the domains and IP addresses that any person or program tries to
access from your network, click 'Options'. Click 'Log access data' and the
relevant options will become active. Enter a path and filename for the log file
and leave the report content on 'Forbidden'. This means you'll only record
attempts to access banned content.

Select 'Show full URL' to record the full path to the banned page. Click 'Done',
try surfing to a banned URL and inspect the content of the log file.