1
00:00:00,000 --> 00:00:16,879
Hey everyone and welcome back. So now what I want to talk to you about is the concept

2
00:00:16,879 --> 00:00:23,280
of what is called a proxy server. So what is a proxy server? What does it do for us?

3
00:00:23,280 --> 00:00:29,199
Let's find that out then shall we? So at its core really what a proxy server acts as is

4
00:00:29,279 --> 00:00:35,600
kind of like a middleman. Okay such that when you have a little computer here this can be the client

5
00:00:35,600 --> 00:00:42,320
and this can be the server you're trying to reach to as opposed to you directly connecting to that

6
00:00:42,320 --> 00:00:48,799
server from your IP address directly to the server's IP address instead there's going to be a type of

7
00:00:48,799 --> 00:00:56,560
relay involved i.e in the middle we will have this proxy server. So when you go to visit

8
00:00:56,560 --> 00:01:02,160
this website the connection is not direct from here to here instead as we can see above the

9
00:01:02,160 --> 00:01:09,120
request instead goes directly to the proxy server and then the proxy server makes that request on

10
00:01:09,120 --> 00:01:15,280
the client's behalf to the server and when the server responds the server sends the response back to

11
00:01:15,280 --> 00:01:22,640
the proxy server who then relays that information back to you. Now if you happen to have let's say

12
00:01:22,640 --> 00:01:29,439
a VPN this is a very common technology nowadays let's maybe say you have a Netflix account and

13
00:01:29,439 --> 00:01:34,640
you want to access some geo restricted content well think about what that actually means that would

14
00:01:34,640 --> 00:01:41,200
mean that the server let's maybe say you wanted to watch some content that was on Netflix UK and

15
00:01:41,200 --> 00:01:47,040
you happen to be residing within the USA. Some people although i'm not saying me nor am I recommending

16
00:01:47,040 --> 00:01:52,960
you do this some people will just implement a VPN i.e they'll pay for a service in this example

17
00:01:52,960 --> 00:01:59,760
which may have a UK server which can make that request on their behalf so the Netflix customer

18
00:01:59,760 --> 00:02:07,920
in the USA tunnels that traffic through a UK server to request information from Netflix UK and

19
00:02:07,920 --> 00:02:16,159
Netflix UK sees that request is coming from a UK IP address and says hey i'm allowed to serve up this

20
00:02:16,159 --> 00:02:23,439
content to people within this area so i can send that information back i.e send the movie you want

21
00:02:23,439 --> 00:02:29,280
to watch and that is ultimately relayed back to the customer so we have this middleman in play

22
00:02:29,280 --> 00:02:35,199
right here the VPN is effectively acting as a proxy for your request so what you're getting here

23
00:02:35,759 --> 00:02:42,479
is a form of anonymity now not total anonymity of course because the middleman who you're connecting

24
00:02:42,479 --> 00:02:47,439
to they can see both sides of the connection they can see who is making the request and where that

25
00:02:47,439 --> 00:02:53,599
request is going to but nevertheless from the point of the server the server actually cannot see

26
00:02:53,599 --> 00:02:58,799
who the client they're actually serving is so this can be useful like i say if you want to be able to

27
00:02:58,799 --> 00:03:04,959
protect your IP address from being sent to a particular server or if you want to just hide

28
00:03:04,959 --> 00:03:11,120
your location of where you're browsing from but that only tells one part of the story with respect

29
00:03:11,200 --> 00:03:18,560
to proxies now the proxy which i'm talking about right now is something called a forward proxy now

30
00:03:18,560 --> 00:03:26,159
we will get to talk about a reverse proxy within the next nugget but understand for now the transaction

31
00:03:26,159 --> 00:03:32,480
i just described here was relating to a forward proxy now the way we can tell this is that the

32
00:03:32,480 --> 00:03:39,920
forward proxy is based around protecting the client i.e the person making the request to the server

33
00:03:39,919 --> 00:03:45,839
they are the ones with the proxy configuration now like i said the idea of being able to hide

34
00:03:45,839 --> 00:03:51,679
your location and your IP address from a particular server that is only one function that we can use

35
00:03:51,679 --> 00:03:57,919
with respect to a proxy server or one function we can leverage to our advantage should i say so

36
00:03:57,919 --> 00:04:04,000
another thing that we can do is we can ultimately implement filtering so think about it like this

37
00:04:04,000 --> 00:04:10,400
then okay so let's say we have the big bad internet out there who knows what you can find out on there

38
00:04:10,400 --> 00:04:16,879
you know it's not always a safe place and let's say that we have our local network here we have a

39
00:04:16,879 --> 00:04:24,160
bunch of computers within our company and what we do is we implement this proxy server okay now we

40
00:04:24,160 --> 00:04:30,560
can configure things in such a way that all the devices within our network they are configured

41
00:04:30,560 --> 00:04:37,759
to talk directly to our proxy server so that means that whenever they want to make a particular

42
00:04:37,759 --> 00:04:43,120
request out to the big bad internet now they have to go through this proxy server and this proxy

43
00:04:43,120 --> 00:04:48,639
server can be tightly controlled so think about it like this so let's say we have this company here

44
00:04:48,639 --> 00:04:54,240
and the company they do not want their employees to be slacking off so they do not want their employees

45
00:04:54,240 --> 00:04:59,840
to access things like youtube now youtube can be very educational as i'm sure you are aware but

46
00:04:59,839 --> 00:05:04,959
let's just say this company are taking a very harsh stance maybe it would be better to block

47
00:05:04,959 --> 00:05:10,000
something like say netflix which is more explicitly an entertainment platform okay so whatever it may

48
00:05:10,000 --> 00:05:16,159
be we have a whole bunch of websites that we do not want our team here to be wasting their time so

49
00:05:16,159 --> 00:05:22,879
to speak and accessing during work hours so if a user happens to go to say for example netflix.com

50
00:05:22,879 --> 00:05:28,239
the request here has to go through the proxy server now the proxy server can ultimately

51
00:05:28,240 --> 00:05:35,600
filter here okay so that means for anyone in our network trying to access this website it's going

52
00:05:35,600 --> 00:05:42,000
to be filtered and therefore the connection can ultimately be denied so the users cannot make

53
00:05:42,000 --> 00:05:50,560
that particular request however let's maybe say the user wants to go to say for example wikipedia.org

54
00:05:50,560 --> 00:05:56,960
that might actually be whitelisted ie this is something that is allowed and as such the proxy

55
00:05:56,959 --> 00:06:03,519
is going to allow this connection and we can make that request and contact wikipedia out there on the

56
00:06:03,519 --> 00:06:09,599
internet so we ultimately have this little bottleneck of control whereby we can implement

57
00:06:09,599 --> 00:06:15,759
any type of policy that we want to do so now another example of which is remember we talked about in

58
00:06:15,759 --> 00:06:22,479
previous skills we talked about dns but we know dns is how we can actually resolve ip addresses and

59
00:06:22,480 --> 00:06:30,240
domain names so this can be a good source of control for us i.e we can allow particular requests

60
00:06:30,240 --> 00:06:37,520
via their dns lookup by putting the domain on a whitelist or we could deny particular dns requests

61
00:06:37,520 --> 00:06:43,759
using a blacklist so think about it in this case here the dns name is how we are actually determining

62
00:06:43,759 --> 00:06:50,319
where the user wants to go and if that is in line with our particular policy now remember we also have

63
00:06:50,319 --> 00:06:58,319
google's public dns server such as 8.8.8.8 a crafty and a savvy employee may actually change

64
00:06:58,319 --> 00:07:04,959
their dns server to point to google's public dns server i.e bypassing the dns control that you

65
00:07:04,959 --> 00:07:12,079
have in your local dns now if you want to be able to control and force everyone to use that dns server

66
00:07:12,079 --> 00:07:18,879
well again via your proxy you could ultimately block access to these type of public dns servers

67
00:07:18,879 --> 00:07:24,480
i.e if someone wants to resolve some type of domain name they're going to have to use the only

68
00:07:24,480 --> 00:07:30,319
one available which is your local one which is the one whereby you have explicit control now

69
00:07:30,319 --> 00:07:35,439
there are different types of proxies available but the one we're going to quickly focus on just now

70
00:07:35,439 --> 00:07:41,279
is one called Squid now Squid should not be installed by default on your system so you're

71
00:07:41,279 --> 00:07:45,199
going to want to install that let me just walk through the installation process we'll just say

72
00:07:45,199 --> 00:07:51,680
sudo in fact let me take caps lock off i will say sudo apt install squid it really is that simple

73
00:07:51,680 --> 00:07:56,959
so now i'll type in my password okay now the installation will begin i will just say yes hit

74
00:07:56,959 --> 00:08:02,480
enter and there we go now this should only take a minute or so just give it some time okay great

75
00:08:02,480 --> 00:08:08,079
so let me just clear the screen and now with Squid installed we should now have a Squid

76
00:08:08,079 --> 00:08:14,000
configuration file now that configuration file should be able to be found within the /etc directory

77
00:08:14,000 --> 00:08:20,079
within a directory called squid which will be newly created and then the actual file itself

78
00:08:20,079 --> 00:08:26,800
will be squid.conf so how about we go and inspect this file then so what i will do is i will go

79
00:08:26,800 --> 00:08:34,000
into my /etc directory i'll go into squid i'll do an ls we can see the actual squid.conf so what i'll

80
00:08:34,000 --> 00:08:39,759
actually see here and you can probably hear me laughing is that when i open this file this is

81
00:08:39,840 --> 00:08:45,360
a pretty massive file so just watch this if i open this up i'll use vim so you can see in fact

82
00:08:45,360 --> 00:08:51,120
let me just actually install vim okay so let's open this up once again there we go so if you look

83
00:08:51,120 --> 00:08:56,559
at the bottom right hand corner here we can see we're at the top of the file as i scroll down this

84
00:08:56,559 --> 00:09:02,080
file you're going to see the percentage of how much i've scrolled through so i'll keep scrolling

85
00:09:02,080 --> 00:09:09,439
and as you can see here as i'm moving i've only i'm at 1% and now 2% this file is absolutely

86
00:09:09,840 --> 00:09:15,200
massive okay so what i'm trying to say is is that trying to scroll through this entire file is kind

87
00:09:15,200 --> 00:09:19,759
of a futile thing at least in my opinion you really want to be knowing what you're looking for

88
00:09:19,759 --> 00:09:26,399
and utilizing certain search tools maybe even just say grep to more quickly manage this particular

89
00:09:26,399 --> 00:09:31,759
file because just opening the file and just trying to scroll to the relevant line this is going to

90
00:09:31,759 --> 00:09:36,080
take you quite a while and it's not very efficient okay so let me just talk about the actual configuration

91
00:09:36,080 --> 00:09:40,960
file from now okay let me just quickly escape here so i'll just quit out of vim okay so within

92
00:09:40,960 --> 00:09:47,120
this configuration file we can do a whole bunch of things as we know we can use our proxy server

93
00:09:47,120 --> 00:09:54,160
to filter on particular criteria and it is within this configuration file that we can actually control

94
00:09:54,160 --> 00:10:02,240
access to what we want to permit and deny this is going to be known as acl these are access control

95
00:10:02,240 --> 00:10:09,200
lists so what i'm going to do here is i will actually just cat the file for now i'll say cat

96
00:10:09,200 --> 00:10:14,560
squid.conf now of course if i just hit enter it's going to be very very large i'm going to

97
00:10:14,560 --> 00:10:20,480
grep for something very particular so i will grep for the words insert okay so it says here

98
00:10:20,480 --> 00:10:26,159
insert your own rules here to allow access from your clients i actually want to know whereabouts

99
00:10:26,159 --> 00:10:31,519
within the text file this happens so i will say dash n to give me the line number we can see the

100
00:10:31,519 --> 00:10:38,240
line number is 1184 so i could use one of my text editors say for example vim or if you prefer nano

101
00:10:38,240 --> 00:10:44,240
and i will say nano plus and give that line number so that i open the text file directly at that

102
00:10:44,240 --> 00:10:50,240
location so i'll give the actual name of the configuration file now and if i hit enter we

103
00:10:50,240 --> 00:10:56,079
should snap open as we can see here directly right to this particular line and this is where we can

104
00:10:56,080 --> 00:11:01,600
control our access now one thing to note is that we do have some particular keywords which are built

105
00:11:01,600 --> 00:11:07,440
in to the Squid configuration you want to understand these so we can recognize them say for example you

106
00:11:07,440 --> 00:11:14,960
see this keyword here all okay so within our acl if we deny or allow all this is going to refer to

107
00:11:14,960 --> 00:11:22,240
absolutely everything all of the systems whereas if you happen to see the keyword here localhost

108
00:11:22,240 --> 00:11:29,200
this just means the source ip of the server itself ie this actual server i'm working on where

109
00:11:29,200 --> 00:11:36,720
Squid happens to be installed the local host now we'll also see one called to underscore localhost

110
00:11:36,720 --> 00:11:42,480
this also refers to the local host ie the actual server here which Squid is installed on but it

111
00:11:42,480 --> 00:11:48,320
actually refers to destination ip addresses for the local server we're also going to see this

112
00:11:48,400 --> 00:11:54,320
keyword here manager this is going to handle Squid's cache so remember how we can actually

113
00:11:54,320 --> 00:11:59,440
cache particular information so that we don't have to resend the same request it can just be

114
00:11:59,440 --> 00:12:05,520
stored within the system manager actually refers to the management of the Squid server's actual

115
00:12:05,520 --> 00:12:11,280
caching mechanism now we can see here we have the important keywords deny this is when we want to

116
00:12:11,280 --> 00:12:16,720
deny something and of course when we want to allow something we can say allow we're also going to see

117
00:12:16,720 --> 00:12:24,399
the keyword src if we want to refer to a source ip address or a source network address if we want to

118
00:12:24,399 --> 00:12:31,840
be a little bit more broad we'll also see dst when we want to refer to a destination ip address or a

119
00:12:31,840 --> 00:12:39,519
network address we'll also actually see this one right here ssl underscore port this is where we

120
00:12:39,519 --> 00:12:46,160
can specify ports where secure sockets layer is actually permitted so we just talked about

121
00:12:46,159 --> 00:12:52,559
ssl very very recently and we're also going to see one called safe underscore ports and that is

122
00:12:52,559 --> 00:12:58,639
safe with a capital s this is going to be the ports where regular HTTP is going to be allowed

123
00:12:58,639 --> 00:13:04,159
now one thing to note here is that within this configuration file when we see an exclamation

124
00:13:04,159 --> 00:13:10,879
mark like we see right here this actually means an inversion of logic pretty much what i'm saying is

125
00:13:10,879 --> 00:13:19,519
this means not now we're going to be reusing this HTTP access keyword whenever we want to allow or

126
00:13:19,519 --> 00:13:24,240
deny anything you're going to see this keyword continually invoked over and over again now

127
00:13:24,240 --> 00:13:30,399
another important concept i want to show you within this particular file is if i grep this time for

128
00:13:30,399 --> 00:13:36,720
/var/spool go ahead and hit enter this part right here i actually want to inspect this so let me open

129
00:13:36,800 --> 00:13:46,080
this up at line 3461 so i'll just edit this 3461 and hit enter snaps me open right here so with respect

130
00:13:46,080 --> 00:13:52,240
to our caching and we can actually see this here with the description the cache disk directory if

131
00:13:52,240 --> 00:13:58,240
we want to invoke this caching we would ultimately uncomment this i.e remove the hashtag and this

132
00:13:58,240 --> 00:14:05,600
is what we actually see here /var/spool/squid is going to be the directory where the cache actually is

133
00:14:05,600 --> 00:14:12,320
stored now we do have some particular values here now the first one we can see is 100 what this is

134
00:14:12,320 --> 00:14:18,639
ultimately referring to is the size of the cache that we're going to allow in this case here this

135
00:14:18,639 --> 00:14:25,840
is going to be in the value of megabytes so not exactly a huge volume of data and these two values

136
00:14:25,840 --> 00:14:32,080
here ultimately refer to directories the first one would be the top level directory i.e we could have

137
00:14:32,080 --> 00:14:41,360
16 main directories caching things and within each of those 16 each of those 16 can have 256

138
00:14:41,360 --> 00:14:46,240
directories within them and that really is what it is we can have 16 directories each of those

139
00:14:46,240 --> 00:14:52,879
directories can have 256 directories within them and the total amount of data that we can store for

140
00:14:52,879 --> 00:14:59,040
our cache is 100 megabytes in which case if we exceed this we're going to ultimately clean and

141
00:14:59,039 --> 00:15:04,719
refresh that data so really if we want our proxy server to act as a caching server then we want to

142
00:15:04,719 --> 00:15:10,879
uncomment this line and we want to specify the location of the cache directory as well as these

143
00:15:10,879 --> 00:15:16,719
particular values to control how much we are actually allowing for the caching to happen if I

144
00:15:16,719 --> 00:15:24,719
just escape out for now if I want to activate my Squid server I can say sudo systemctl enable

145
00:15:24,800 --> 00:15:32,480
squid and then I will say sudo systemctl start squid and then I should be able to say sudo

146
00:15:32,480 --> 00:15:39,920
systemctl status squid and as we can now see here our Squid proxy server is indeed active

147
00:15:39,920 --> 00:15:45,120
and running and with this server now running we could ultimately configure our clients within

148
00:15:45,120 --> 00:15:51,040
our network to actually point to this server and those clients would ultimately be bound by the

149
00:15:51,039 --> 00:15:58,480
rules that are specified within the access control list within /etc/squid/squid.conf as well as they could

150
00:15:58,480 --> 00:16:04,719
also benefit from the caching mechanism of this Squid server depending again on the caching settings

151
00:16:04,719 --> 00:16:11,679
that you've chosen within /etc/squid/squid.conf. Okay so that is us for our introduction into

152
00:16:11,679 --> 00:16:20,319
forward proxies and Squid I hope this has been informative for you and I'd like to thank you for viewing.

