HTTP Proxy Over SSH Connection Mini-Howto

What is HTTP Proxy?

HTTP proxy is a method to connect to a website by through an intermediate “proxy” server. The way it works is that your browser sends the request for a web page to the proxy server. The proxy server then forwards the request to the website. The website sends the requested page back to the proxy server, which in turn sends it back to your browser.

Uses of HTTP Proxy

HTTP proxy is most commonly used in two cases: (1) you want to fake your identity to the website; and (2) you want to bypass a firewall.

In the first case, since the website is only directly accessed by the proxy server, the website does not know who you are or what your IP address is. Instead, the website believes that the proxy IP address is actually yours. I use this feature to test the IP based authentication on my servers. Say I enable access to a particular webpage only from my home IP. How do I test it to make sure that users from other IP addresses are unable to access the page? HTTP proxy is the solution. This approach also works if a site restricts its service to a particular country, say the USA, then all you need to access that site is to do a proxy through a server located in the USA.

In the second case, say you are in environment that blocks you from accessing certain websites. This could be in an office with tight restrictions on web browsing, or a country that wishes to control your access to information. Using the proxy over ssh, you first establish a secure connection with a machine that is not behind the firewall (e.g., connect to your home PC from the office, or connect to a server at another country), then you use that connection to tunnel your HTTP requests by means of proxy.

How to setup HTTP proxy over ssh:

First establish the ssh connection. Open a terminal or a cygwin windows and enter:
ssh -D 9999 username@mysshserver
where 9999 is the local port number for the proxy server, username is your user name at the remote server that will act as a proxy, and mysshserver is the domain name or the IP address of that proxy server that is running the ssh server.

Now you are all set to configure your browser. Go to the browser option and configure the proxy settings to use localhost as the server and 9999 as the port number. Not that in Firefox you must enter this info in the SOCKS Host field, while leaving all the other blanks. This is uninuitive because there is a field for HTTP proxy. Make sure you leave that one blank!

6 Responses to “HTTP Proxy Over SSH Connection Mini-Howto”

  1. js says:

    Sorry man but this is just crazy annoying

    THIS IS NOT **HTTP PROXY** IT’S “SOCKS PROXY OVER SSH”

    and this should be title of your article – it would stop it jumping in front of search results

    I’ve spent like 2 hours looking for “http proxy over ssh” and I’ve just had enough of this kind of ignorant articles.

  2. imp says:

    I completely agree with js above. Learn the damn difference between SOCKS and HTTP proxies!

  3. Anja Trebon says:

    Hello,just identified your web-site when i google something and wonder what web hosting do you use for your blog,the speed is more faster than my wordpress, i really need it.will back to check it out,thank you!

  4. nepjua says:

    I completely agree too, i’m looking for http proxy over ssh for 3 hours, and bumping to articles like that, it’s not HTTP Proxy

  5. yaca says:

    AAAAAAAAAAAAAAAAAAARRRGHH!!!

    Seriously. Change this fracking title.

  6. yaca says:

    OK. So I’ve figured this out and see that this blog is DEAD.
    To save anybody in the future their torment here is the solution:

    1. Start SOCKS tunnel normally (like: ssh -D 8888 login@yourhost.com )
    2. Use some local http proxy server which is able to redirect your data through SOCKS

    I’m using polipo which is nice because ater it’s installed (apt-get polipo) you can get your browser to http://localhost:8123 and go to the configuration page

    Look for “parent proxy” and set it up accordingly (in the case above: 127.0.0.1:8888 )

    Other proxy tools are fine of course but YMMV (Privoxy, Squid?)

Leave a Reply