OT?: Proxy Skills

This is on-topic...somewhat...

As most of you know, I have to deal with a rather (ahem) silly filtering service while at the day-job, one that filters out sites that it considers objectionable. This includes the things you'd expect, as well as sites categorized as hacking or chat sites. This is a problem for me, because it means I can't get to some relevant materials, such as Ovid's CGI course (the server is classified as one devoted to hacking) or to deja (considered a chat site), which I use to search for questions posted on c.l.m.p and others.

The internal security forces (aka Stormtroopers) are running me through all sorts of hoops to "allow" me to access these sites and I'm getting fed up with the rigamarole. (Furthermore, they're not willing to provide me the information I need to configure PPM so it can automatically connect and install CPAN modules.)

I used to be able to bypass the company's proxy server using Lucent's proxymate, however, that's gone commercial.

Since I have administrator access to another server (BSD), I know I can set up a perl-based proxy that I should be able to use to bypass the company's. I don't plan to use this for patently objectionable material, but to access the technical information I need to do my job.

However, I'm not well versed in doing this sort of thing. Since many of you are administrators or more versed in these skills, does anyone:

Have a link or set of links I can use to learn what I need to know to do this intelligently (and securely)? (Remember, I'm a Windows programmer trying to defect to the Light side.)
Know of a book written for intelligent, but inexperienced people that discusses the basics of proxies, firewalls, and related services?
Know which, if any, CPAN modules will make this easier on me?

(FTR, I know there are modules that will search deja, but that's really only part of the problem I'm trying to solve. Also, I'm not criticizing the company's rights to control access to content for their associates. However, their choices are based on the needs of customer service folks, not technical programmers and I'm tired of trying to convince people that sometimes, one size doesn't fit all.)

--f

Update: Still working on this, but I noticed that merlyn has another related article; between those and the link from lzcd; I should be able to cobble something together.

Comment on OT?: Proxy Skills

Replies are listed 'Best First'.
Re: OT?: Proxy Skills by OeufMayo (Curate) on Jan 30, 2001 at 22:14 UTC
Should merlyn be here, he surely would have pointed you to one of his WebTechniques article. <kbd>-- PerlMonger::Paris(http => 'paris.pm.org');</kbd>	[reply]
Re: OT?: Proxy Skills by jepri (Parson) on Jan 31, 2001 at 16:21 UTC
There are some details on getting through firewalls here In general a firewall manager with a clue will keep catching you at what you are doing. However most people just set firewalls up and forget them. There are lots of tricks you can pull, based on detailed knowledge of the firewall and its setup, but you tend to have to get guru level knowledge of the particular package for that to be useful. ____________________ Jeremy I didn't believe in evil until I dated it.	[reply]
Re: OT?: Proxy Skills by lzcd (Pilgrim) on Jan 31, 2001 at 03:52 UTC
My personal pick is this perl CGI proxy written by J Marshall. I haven't bothered playing around with it in any serious sense but it's small enough to be vaugely editable. Update: The link is now demangled. A late Update: I've also had use for this proxy in expanding Telstras rather silly choice of names for internal cable servers (eg. www? Why not just name it Localhost and really put my DNS through a loop). Yet another Update: Mr Marshall has been nice enough to provide a new version as of this morning. Freshmeat will no doubt provide the required details upon request.	[reply]
Re: Re: OT?: Proxy Skills by YaRness (Initiate) on Feb 01, 2001 at 01:12 UTC
(that link is mangled there, it should point to http://www.jmarshall.com/tools/cgiproxy/ i think)	[reply]
Re: OT?: Proxy Skills by BlueLines (Hermit) on Feb 03, 2001 at 12:37 UTC
OK, now I understand what you're dealing with. You have several options: 1) This is the easiest to implement, but not necessarily the best. It's a somewhat little known fact that you can use Akamai's cache / proxy installations to beat 80% of the filters out there. See here. 2) You could also set up your own proxy externally, and have it run on a port other than 80. Most filtering software only watches traffic going through standard web ports. 3) The last (and probably best) solution is to set up ssh port forwarding through an external machine. Then you set your browser to proxy through some port on `localhost`, and forward that through your firewall to some machine outside that you have a shell account on. This will slow your connection down, but it's untracable. BlueLines Disclaimer: This post may contain inaccurate information, be habit forming, cause atomic warfare between peaceful countries, speed up male pattern baldness, interfere with your cable reception, exile you from certain third world countries, ruin your marriage, and generally spoil your day. No batteries included, no strings attached, your mileage may vary.	[reply] [d/l]