
AWS Ubuntu instance as proxy


I'm not sure why my browser is timing out when I try to connect to my AWS Ubuntu Instance squid proxy

I want to have my AWS Ubuntu instance act as a proxy for my Python requests. The requests I make in my program will hit my AWS proxy and my proxy will return to me the webpage. The proxy is acting as a middleman. I am running squid in this Ubuntu instance. This instance is also within a VPC.

The VPC security group inbound traffic is currently set to

HTTP, TCP, 80, 0.0.0.0/0
SSH, TCP, 22, 0.0.0.0/0
RDP, TCP, 3389, 0.0.0.0/0
HTTPS, TCP, 443, 0.0.0.0/0

and outbound traffic is open to all traffic

My current squid configuration is the default squid.conf, except that I changed one line to

http_access allow all

meaning traffic is open to all.

However, when I changed my Mozilla browser to use the Ubuntu instance's Public IP and squid.conf default port of 3128, I cannot see any traffic going through my proxy using this command on the Ubuntu instance

tail -f /var/log/squid/access.log

My browser actually times out when I try to connect to a website such as google.com. I am following this tutorial, but I cannot get the traffic logs that this person is getting.


Solution

  • HTTP/S as shown in security group settings actually has nothing whatsoever to do with HTTP/S.

    Many port numbers have assigned names. When you see "HTTP," here, it's only an alias that means "whatever stuff happens on TCP port 80." The list of values only includes common services and the names aren't always precise compared to the official port names, but the whole point is to give neophytes a word that makes sense.

    What should I change? I always thought I should be leaving HTTP/S ports to their default values.

    That is not at all what this does. As already inferable from above, changing an "HTTP" rule from port 80 to something else does not change the value for the HTTP port on instances behind it. Changing the port value makes the rule no longer be an "HTTP" rule, since HTTP is just a friendly label which means "this rule is for TCP port 80."

    You need a custom TCP rule allowing port 3128 from your IP, and that's it.
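
Added example (not part of the original answer): a small offline check that evaluates inbound rules the way the answer describes, by protocol, port and source CIDR rather than by the "HTTP"/"HTTPS" label. The rule dictionaries are constructed from the question's settings in the IpPermissions shape that `aws ec2 describe-security-groups` returns; CLIENT_IP is a placeholder for your own address, and the function names are hypothetical.

```python
import ipaddress

# Constructed data: the question's four inbound rules. The API shape carries
# protocol, port range and CIDR; "HTTP" etc. are only console names for ports.
QUESTION_RULES = [
    {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    for p in (80, 22, 3389, 443)
]

CLIENT_IP = "203.0.113.10"  # placeholder (documentation range) for "your IP"
SQUID_PORT = 3128           # squid.conf default port named in the question


def allows(rules, protocol, port, source_ip):
    """Return True if any inbound rule admits protocol/port from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        if rule["IpProtocol"] not in (protocol, "-1"):  # "-1" = all protocols
            continue
        if rule["IpProtocol"] != "-1" and not (
                rule["FromPort"] <= port <= rule["ToPort"]):
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False


def world_open_ports(rules):
    """List (FromPort, ToPort) ranges reachable from any IPv4 address."""
    return [(rule.get("FromPort"), rule.get("ToPort")) for rule in rules
            if any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))]


def with_proxy_rule(rules, client_ip, port=SQUID_PORT):
    """Return rules plus the answer's fix: custom TCP rule for one client /32."""
    fix = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
           "IpRanges": [{"CidrIp": f"{client_ip}/32"}]}
    return rules + [fix]


if __name__ == "__main__":
    print("3128 before fix:", allows(QUESTION_RULES, "tcp", SQUID_PORT, CLIENT_IP))
    fixed = with_proxy_rule(QUESTION_RULES, CLIENT_IP)
    print("3128 after fix: ", allows(fixed, "tcp", SQUID_PORT, CLIENT_IP))
    print("3128 other host:", allows(fixed, "tcp", SQUID_PORT, "198.51.100.7"))
    print("world-open:     ", world_open_ports(fixed))
```

With `http_access allow all` in squid.conf, the /32 source on the 3128 rule is the only thing limiting who can use the proxy, and the world-open list shows SSH and RDP still exposed to 0.0.0.0/0.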