I have been developing a parental control software program for my company, but have run into a problem. The software uses policy listings stored in a MySQL DB to determine whether to block a website or not. It uses a local proxy. Each time a website is visited, the proxy sends that site to the server, then the server determines if the site should be blocked or not based on the settings for the user. The software is done, but there is one major problem. It takes too long for the address to be sent to the server, and the server's response to get back to the proxy. Browsing speed is slowed down a lot when using the software. Is there a better way to do this?
The proxy is written in Python and everything on the server end is done in PHP.
Are you caching the server's responses locally on the client? If not, you should - it ought to speed things up considerably.
And if you're asking your server about each URL, you should only ask about the domain name, so that the number of requests per site goes down from lots to only one. (Unless there are domains for which you only want to ban a part of it, but that seems unlikely.)
Related
I'm creating a website which needs do some data gathering anonymously. I ran an Ubuntu server with Apache, and normally when I want to run my script, target websites and servers can determine my server real IP. Is there any solution to hide Apache server IP and use random IPs per each request?
The target website will generally always be able to see your real IP address; you'd have to make each request from a different server, or via a different network connection.
Depending on why and how you're doing this, from where and to whom, it's likely to be an effective way to get banned, sued and/or prosecuted for a DDoS attack (or some other kind of attack).
Please don't do this.
My office network provides internet access to my employees when they connect to it through the office's router. I want to make a web application in which only computers connected to the internet through my office router, can access. So that my employees have to be in my office area before they can login into the php web application.
If they are connected to the internet, but not through my office network they should not be able to log in to the application. (I know I could have deployed the php app in a local server setup in my office but I want the app to be on a remote server on the internet for my personal reason).
What hardware do i need to setup my office network and how do I make PHP detect the id of the hardware of my network so php can determine that a request is coming from my network.
Some options to recognise your private office from a public website:
IP address
This will only work if you know what IP address is in use at any given time by your allowed clients. In the case you use a NAT gateway, this has to be the outside address.
It becomes pretty easy to do this if you have static IP addresses for all your allowed clients, if they change, it quickly becomes a nightmare to keep them right at all times.
Security: since HTTP is based on TCP it's not trivial for other to get to use your IP address through spoofing, but it's by far not foolproof either. Consider it a poor-man solution at the very best.
Caveat: if any of your staff can get remotely to their machine, they can access it remote (so e.g. a time registration system is going to get circumvented by this quickly)
VPN
VPN stands for Virtual Private Network.
This is the goto solution from a security perspective. Essentially you build up tunnels between either individual clients or networks as a whole with the VPN server.
On the central end of those tunnel(s), your webserver answers to web requests (but not to the internet at large).
There is a whole range of VPN products out there. There are equally relatively easy to build solutions using free software (e.g. OpenVPN).
Things on how the client (network or computers) will authenticate to the server and what traffic is attracted to the VPN and much more are all possible parameters you can set.
Security: it depends a bit on the choices made, but unless unproven or outdated solutions are picked, this can be done "top notch". It is however in skill level probably just above your typical IT shop around the corner (but you might be in luck).
Same remark as above: your staff that can gain access to it, might be tunnelling into their machine at work or might use credentials and settings on an office machine at home as well.
DNS
reverse mapping of IP to names is far too easy to spoof, don't try this.
Login/Password
This is a relatively easy solution: allow access from anywhere, but give authorised users a login and password and let them have access after being logged in properly.
Security: It's non-trivial to get this fully secure, there's plenty of opportunity to make errors in how the application works so that it becomes a problem.
But if you have to have a zero footprint on the clients, this is your best option.
Add in 2 factor authentication to increase the password security and make passing on passwords a bit more difficult.
TL;DR
I'd setup an OpenVPN based VPN, they are relatively easy to setup, the clients exist for most OSes (take care not all: e.g. iOS: I don't know of one) and it'll give you more than average protection without you having to delve deeply into the details of encryption protocols and the like.
Still there's a learning curve, but there's plenty of tutorials out there that don't assume much prior knowledge either.
For your clients you setup a certificate-based authentication system using EasyRSA (included with OpenVPN). It's a bit of a habit you need to create, but once setup properly, adding and removing users becomes relatively painless.
On your server all you need to do is make sure the http server only binds to the IP address of the tunnel interface.
I've been reading this book about PHP and MySQL and at the end of each chapter it asks you some questions for you to research about and one of them I don't really get:
What is a Proxy script? When might a proxy script be necessary?
I hope you could help me answering this question because I don't really know what it is (I do know what a proxy server is though)
From WikiPedia's article on Proxy Servers
In computer networks, a proxy server is a server (a computer system or
an application) that acts as an intermediary for requests from clients
seeking resources from other servers. A client connects to the proxy
server, requesting some service, such as a file, connection, web page,
or other resource available from a different server and the proxy
server evaluates the request as a way to simplify and control its
complexity.
That explains it pretty much. So basically, a PHP proxy script can be used to access the blocked content i.e. websites in a network i.e. a college's WiFi network.
For an example, suppose facebook.com is blocked by your college's WiFi and you want to access it then a PHP proxy script might come in handy. Which will take requests from you and send it to the facebook on your behalf and sends the received data back to you. So you're not directly communicating with the facebook's server but that proxy script is doing that job for you.
Here's a simple PHP proxy script I found from a quick search that you might find helpful : Simple-php-proxy-script
Didn't really know what title to give this question so I hope its acceptable.
I am using a system which has an API. I don't have a lot of control over this system, but one thing I need for security reasons is for it to be locked down to my IP. This works, so now the system can only be accessed from my IP.
Now, I have built a custom app which uses the above API. This app is hosted on a server which is different from my IP address. Therefore, when I try to make the API call it fails due to it being restricted. I know this is the case, because if I run the app locally from my location, it works without any problems.
So, the question is whats the best thing to do? I know I could add the IP address of the server which is hosting my app to the systems API. However, I think the servers IP is dynamic which could cause problems. I have also used things like no-ip locally to control my dynamic IP, but I cant imagine I can install this on my web server.
Looking for thoughts as to how I can overcome this problem.
Thanks
I'm a user of a certain forum, but recently my IP adress has been being blocked.That's not my fault but some users probalbly broke the rule and his ISP or IP address is same or close to mine, so I was enmeshed.
I rent a web server, so now I try to post comments to the forum from my server, but it fails.
When I post a comment using a form in the site, the error says that the referer was wrong.
I tried header() function using PHP but it doesn't work.
I tries to change referer but still it doesn't work.
I think if I could have a client in my web server, the IP and host change in posting comments, without changing referer information.But I don't know how to do this.
The restriction is temporary, maybe a few weeks, so I don't necessarily need a perfect and permanent solution.
Is there any ways to solve this problem?
If they're blocking you based on IP address, then it's the web IP address of your local network that they're blocking. If they've decided to block a range of IPs then you have a larger problem depending on your host.
A few things you can try:
Chances are (unless this is a work account) that you're using a dynamic ip address from your host. A lot of work accounts use a dynamic IP too, but you would need access to the modem (since you're probably not the corporate network administrator). Sometimes to get a new IP address from a completely different range by unplugging your cable or DSL modem and plugging it back in after about 30 seconds. Most electronics clear instantaneously (unless they have an onboard battery backup), but in the case of network components they purposely build in a few seconds of wait time in DHCP servers before providing a completely different IP address. Usually when I'm having a problem on my local network or doing an upgrade and unplug my modem after about 10 minutes of work when I plug my modem back in I have a new IP so I have to go through all of the trouble of re-whitelisting myself everywhere (so I know this works).
You could try connecting to the boards through your cell phone if you can tether your cell phone to your workstation or desktop. This will provide you with an IP address through the cell phone carrier's network (Note: it might violate the TOS).
You could do as #Bergi suggested and use a proxy. Some web browsers (like Opera) allow you to specify a proxy in the browser without forcing all of your desktop traffic to a different network. You can obtain a proxy server address from several resources, but this is one of my favorites. Be sure to use an HTTPS proxy in order to have the best defense against someone packet filtering and catching your credentials. People can still capture the initial handshake for SSL and decrypt your communications (so make sure this is what you want to do.)
You can try to force inject headers into the message board and make your server post for you. Good forum software will check the referrer and the user_agent to see if you are a "real person" (however real the programmer felt you needed to prove). If there is a CAPTCHA you will need to be able to see the image, hear the sound, or use a plug-in to break it. (This will require research). Chances are your web server is using a static IP, so there is nothing to prevent the board from blocking this one as well. (You will not be able to change it.) If the web host has strict guidelines about using their servers for this sort of thing it might *cost you your account*. I will not provide an example for this on this board. But you can check out a book called WebBots, Spiders, and Screen Scrapers.