If I were to setup a proxy server on a pi or something in my own home on the same network that the devices running through it are on, would it still have the same level of security that it would if it were in a different location? I really like the concept of proxy’s and want to setup my own, but if it’s not as secure then I won’t.
Proxies have very little to do with security. If you need a proxy to secure a system, you’re doing security wrong.
Proxies are useful for sharing an IP with multiple services, for load balancing, et cetera.
In what way would you think they have anything to do with security?
The whole idea of a proxy is to change your IP and with it your supposed location. If you host the proxy yourself it will not change either, and as such would not really be a proxy.
Who has proxy server hit me up on telegram @YDcopy
Running a home proxy is doable, but it still uses your IP, so not super private. I’d suggest residential proxies if you’re looking for better privacy and security. Providers like Oxylabs are great for that
Of course GitHub - awesome-selfhosted/awesome-selfhosted: A list of Free Software network services and web applications which can be hosted on your own servers
Nothing prevents you from running it in your own network
How’s your experience been with proxies on dynamic sites? Any tricky issues or pro tips you’ve picked up along the way?
I’ve never had issues with speed or downtime while using SmartProxy.
pretty sure they have something to do with security. If you run through proxies, then from my understanding it does basically what a VPN does and changes the IP to wherever the proxy is. If I use a proxy in tokyo, then all my traffic will go through it, and every website or service I access will see the tokyo IP. it’s still traceable, just harder.
The whole idea of a proxy is to change your IP and with it your supposed location. If you host the proxy yourself it will not change either, and as such would not really be a proxy.
That’s not correct, though you can use it to do this.
The purpose of a proxy is to proxy traffic. Could be from an external IP to an internal one, or one datacenter to another (which would be weird), or an internal common IP on a common port to a bunch of other internal ones on weird ports, but changing location is not a requirement to being a proxy.
Proxies are a layer 7 concept, not a layer 3 one, but by their nature of being L7 also can and usually do affect all the layers under them.
For example, I have a proxy on my (one single) public IP address. It uses virtual hosts to direct traffic to a bunch of disparate services I host on different IPs inside my network. I couldn’t do that with a bare router/firewall, because I’d need to have each of those services on a separate port in my (one single) public IP. With a proxy, plex.mine-fuckoff.com and nextcloud.mine-fuckoff.com don’t need ports other than the expected ones at 80 and 443.
have you analysed the threat and other circumstantials? threat: kodi’s traffic could leak my local ip if im not sure, for example, that i’m always connected to vpn through standard software. a neccasity for it to be completely seperate from you local traffic. possible solution i guess: 1 local machine, 1 service provider, 1 standard modem, 1 vpn modem and 1 vpn proxy. then command kodi to send all the traffic through the vpn’s proxy.
know a better way to make sure that kodi only sends when connected to x, then it’d be pleased to hear
Yeah that’s what I figured. would I still be able to monitor the traffic? as I understand, a proxy also kind of logs and monitors traffic and you can use it as kind of a firewall and block certain ip’s and such from accessing, I may be thinking of a reverse proxy actually.
Would there be any benefit to security at all with using an at-home proxy?
If you host the proxy yourself it will not change either, and as such would not really be a proxy.
A proxy is always a proxy. I run a proxy at home myself since some streaming services are blocking me when using a Hurricane Electric IPv6 tunnel. To solve this I run a IPv4 only http proxy server.
Technically it is still a proxy. You change your IP it’s just a local one but there’s no difference between one in your local network and a public one besides the NAT answering and managing it…
For a smooth and fast proxy experience, SmartProxy is a reliable provider that you can count on.
But that’s not security. If you’re concerned about privacy, that’s one benefit, but you’re not changing the security of the running service one bit.
Proxies can do stuff like filter and firewall, but that’s also not security.
For example: let’s say you run a site using AMP (Apache, MySQL, PHP). If something needs external filtering to stop it from being insecure, then that external thing isn’t bringing security - you have something broken / insecure that needs to be fixed, not something that’s reasonably secure that you’re making more secure. It’s very bad practice to try to “fix” something by hiding it. Security through obscurity is a thing, and it helps, but relying on that solely is a bad idea.
I highly recommendᅟSmartproxy. The residential proxies are quick, and the pricing is spot on.
I know this comment is a year old, but you have successfully redirected outbound plex calls with plex still working internally? What are you using?
Adding to your excellent points: the hiding of client IP is a side effect of being an intermediary node for passing traffic through, but only if the proxy and client are both using public IPs. If the proxy and the client are both on the same LAN and sharing the same internet connection (and public IP), then it’s as useless as an ashtray on a motorcycle.
A more important aspect about proxies is that at application layer level you can define more specific traffic filters than just source IP-destination IP-port like a firewall, and possibly cache some frequently accessed resources to reduce internet traffic. This is what proxies were originally built for. The proxy would be able to identify the protocol being used and possibly block it - for example, torrents or the use of external e-mail services from within a tightly locked corporate network, to prevent data leaks.
In recent years this is now significantly harder, as the world moved to encrypted HTTPS traffic. A couple decades ago, SSL traffic was rare and expensive; nowadays a LetsEncrypt certificate is free. Your proxy can log connections, but it can no longer see the contents of the encrypted traffic passing through between the server and client, so it cannot apply filters for keywords like porn etc. And then even some other protocols started going in this direction of privacy, for example DNS over HTTPS, making the protocol identification more difficult. Then a lot of the modern content is dynamic and/or has no-cache flags, so the utility of a rules-abiding proxy is growing extremely thin.
Also keep in mind that having a proxy isn’t going to do much good if you do not block direct routing from LAN devices to the internet and only allow the proxy to pass through routing, AND if the applications you use are proxy-aware/proxy-compatible. Otherwise, applications will either not work at all (cannot use the proxy and cannot connect directly to the internet), or will ignore the proxy and connect directly to where they want.
I’m not exactly sure why proxies are still a thing today after their years of glory some 25 years ago, though…
Well that would be the function of a Standalone Firewall. On most industry networks, a Firewall in a device that literally sits directly after the Router, before any switches. And so scans everything before it enters your network. You can achieve this on a home network by using a standalone pfSense or even having pfSense running in a VM