Managing Proxy Authentication and Exclusion List
February 28, 2013 10:45 pm Leave your thoughts
A lot of companies have implemented firewalls and closed off direct external internet access for security reasons. This results in developers going through proxy servers (internal to the company) in order to access external websites.
Normally, these proxy server can be configured through the OS global configuration or through individual applications. These ways are okay until you have to maintain exclusion list. For example: if you are developing a site using virtual hosts and the host file, you wouldn’t want to go through the proxy server when accessing these addresses, because it’s not going to work.
Some of the instructions following will be for Ubuntu Linux, but you can easily adapt those for other flavor of Linux, Windows or OSX; courtesy of open source software.
Centralised Proxy Configuration
First we need a software to centralised our configuration. For this we use, CNTLM. This is almost like having another local proxy server running on your machine taking care of the inbound/outbound proxy server connection and authentication while maintaining exclusion list.
To install this you can either:
- Sudo apt-get install cntlm
or
- Go to the official website and download the source
- Extract the archive
- Make
- Sudo make install
Installation is pretty simple.
After CNTLM is installed, you will then need to configure the proxy server that it suppose to connect to, including the authentication details. The great thing is, you won’t have to save your authentication in plain text since CNTLM saves them in hashes.
So to configure:
Open the configuration file:
|
1 |
sudo vim /etc/cntlm.conf |
Update your:
- Username
- Domain
- Proxy (enter your proxy server IP here)
- NoProxy (enter your exclusion list here)
- Then save the configuration file
After the configuration above, it’s time to enter your credentials
|
1 |
sudo /usr/sbin/cntlm -H |
You will get something like:
|
1 2 3 4 |
Password: PassLM FE03A594184396D6552C4BCA4AEBFB11 PassNT F3496B77FA086840D57D7F868C476AC8 PassNTLMv2 656289B0BB4C6746D31DD66A9CFC83E8 # Only for user 'test', domain 'TESTDOMAIN' |
Copy and paste the three hashes into the cntlm.conf and you are set to go.
Start cntlm by running:
|
1 2 3 4 5 |
sudo /usr/sbin/cntlm -fv or sudo /use/sbin/cntlm |
The first command with -fv tells cntlm to run on foreground with verbose mode. I tend to use that since I will be able to see any errors that might come up.
By default your proxy will run at http://localhost:3128
Apt proxy configuration (debian/ubuntu)
Next up is the apt configuration. This is important if you want to be able to apt-get install something via the proxy.
So open up /etc/apt/apt.conf
|
1 |
sudo vim /etc/apt/apt.conf |
Add your proxy configurations and save
|
1 2 3 4 |
Acquire::http::proxy "http://localhost:3128/"; Acquire::https::proxy "https://localhost:3128/"; Acquire::ftp::proxy "ftp://localhost:3128/"; Acquire::socks::proxy "socks://localhost:3128/"; |
Wget Configuration
In addition to the above, sometimes you will also need to add your local proxy address into the wget configuration to get command line wget to work.
So open up /etc/wgetrc and modify the proxy sections to use our localhost:3128 configuration.
When done with the above, it should help a bit with managing your proxy authentication and exclusion list.
Categorised in: Linux Tricks, Office Environment