Redirect all web traffic (including https) through proxy server

2

1

I would like to set up a filtering mechanism for certain websites I use, including the ones served over https.

Privoxy provides this functionality, but only over http.

I'm pretty comfortable around programming and system management, but when it comes to hardcore networking my knowledge and experience lacks a little.

I found this question/answer which seems to address the https problem by tunneling traffic using STunnel.

I have issues placing some of the concepts that come into play. Is it possible to set this (meaning "creating the ability to use a custom Privoxy filter (not just blocking, really altering content) on HTTPS traffic") up on a single machine running Windows? I mean, would that then act as both the STunnel client/server and the Privoxy proxy server?

Any guidance would be greatly appreciated!

ropstah

Posted 2017-12-17T17:14:49.520

Reputation: 341

I've used nginx as a web proxy before. The configuration is easy and I think on a question in stackoverflow, though I forgot where. Set up the SSL cert on nginx and send all requests to the server, and host it locally where nginx can reverse proxy it. You can add the client ip or whatever you want from the request to the headers and change the content on the server. – ytpillai – 2017-12-17T17:29:51.513

@ytpillai - I don't understand this... Let's say I set up nginx in a Docker container on my local machine. Should I then configure the local machine to use the exposed endpoint/port on the Docker machine (pointing to nginx) as a proxy server? Where does Privoxy come into play here? – ropstah – 2017-12-17T17:34:24.770

Answers

3

I think nginx is your answer. http://nginx.org/en/docs/windows.html

You can set up your SSL cert on there and have all clients connect to it. Then just reverse proxy the request to local host (no need for ssl here since it's just local), and add client headers onto the local request.

Clients can tunnel into nginx (which is technically a web server in itself) and nginx will reverse proxy domains or ips as necessary.

Then you can use https://github.com/justcoding121/Titanium-Web-Proxy as a traffic interceptor and send all traffic to it.

ytpillai

Posted 2017-12-17T17:14:49.520

Reputation: 175

Just added a comment, I can also install nginx for Windows I see. But then what? Where does Privoxy come into play here? What should I set as proxy server in my Windows Network Configuration? – ropstah – 2017-12-17T17:35:49.670

Don't think you need Privoxy here since nginx itself can act as your reverse proxy. Looks like your best approach is whitelisting certain protocols and websites, so you can set your reverse proxy rules to allow only certain locations and protocols and deny everything else (default rule config equivalent to default deny all). Not necessary to have a separate proxy server unless you want to filter egress traffic too. Then you can have a physical pfsense firewall set up as a bridge for your network to your machine and make it the proxy server. – ytpillai – 2017-12-17T17:38:24.290

Nginx can proxy a request and a response to a specified location, and that seems to be what you have requested. And yes, just read the other comment, only nginx should be exposed. Keep in mind that the most, most secure solution is always a physical firewall if you are worried about malware-ridden traffic too, since those are specifically built for that purpose. – ytpillai – 2017-12-17T17:42:05.443

The thing is that Privoxy provides functionality to 'match' certain hosts/urls through patterns and apply filters (Perl script regex replacements) on responses it serves back. You seem way more literate on networking than myself so I'm going to assume Nginx can either "transform" responses from a https connection or forward those to Privoxy again to do the transformation. Hopefully the configuration for each of these 'services' will speak for itself (regarding the request pipeline) because I really have no idea on why this works and why Privoxy doesn't support https transformations.. – ropstah – 2017-12-17T18:20:29.710

Just to make sure, is this what's going on: Nginx forwards incoming https requests and returns those as http responses? – ropstah – 2017-12-17T18:35:58.067

So essentially, nginx is acting as a bridge between the client and the server. Client connects to nginx via https, nginx clones the same request and sends it to local server if reverse proxying via http, then receives the response via http and sends to client via https. I'm suggesting it as an alternative to Privoxy because it supports all the features you mentioned you need. For example for matching hosts and URLs, nginx has a search syntax in its location property of a rule. – ytpillai – 2017-12-17T18:47:01.027

If you want to serve just a normal index.HTML or php file, then type in the root folder and filename of the entry point. This should help https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms

– ytpillai – 2017-12-17T18:47:48.327

Let us continue this discussion in chat.

– ropstah – 2017-12-17T18:51:36.310

just to make sure: I don't want to "serve" any files or data, just proxy. When I make a request using a browser to e.g. https://google.com it should be transformed before it gets sent back to the browser. – ropstah – 2017-12-17T18:57:52.400

As discussed in the chat, nginx is not necessarily the solution but your lead to https://github.com/justcoding121/Titanium-Web-Proxy helps me to get a little further. To be continued! – ropstah – 2017-12-17T19:30:10.810
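The bridge described in the answer and comments above (HTTPS from the client, plain HTTP to a local backend, default deny for everything else), sketched as an nginx configuration. This is an added example, not a configuration posted by anyone in the thread; the server name, certificate paths, backend port, allowed location and rewritten string are assumptions. nginx terminates TLS only for names it holds a certificate for, so this is a reverse proxy for a known host, not a forward proxy for arbitrary HTTPS sites.

```nginx
# Added example: values marked "assumed" are placeholders, not from the thread.
events {}

http {
    server {
        # Listen on loopback only so nothing else on the network can use it.
        listen 127.0.0.1:443 ssl;
        server_name filtered.example;                      # assumed name

        # Certificate the client must trust for this name (assumed paths).
        ssl_certificate     certs/filtered.example.crt;
        ssl_certificate_key certs/filtered.example.key;

        # Default deny: anything not matched by a more specific location
        # below is refused.
        location / {
            return 403;
        }

        # Allowed location (assumed): forwarded over plain HTTP to the
        # local backend, as in "no need for ssl here since it's just local".
        location /app/ {
            proxy_pass http://127.0.0.1:8080;              # assumed backend port

            # Pass the original client details on to the backend.
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Ask the backend for an uncompressed body so it can be rewritten.
            proxy_set_header Accept-Encoding "";

            # Response rewriting; needs nginx built with ngx_http_sub_module.
            # text/html responses are filtered by default.
            sub_filter_once off;
            sub_filter 'http://127.0.0.1:8080/' 'https://filtered.example/';
        }
    }
}
```

`nginx -t` checks the file for syntax errors before it is loaded.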

0

Privoxy can filter SSL (https) after a fashion. See Privoxy FAQ on SSL.

cstanke

Posted 2017-12-17T17:14:49.520

Reputation: 1

1

Welcome to Super User! Whilst the link may provide an answer to the question, it would be preferable to include the essential information for the answer here, and provide the link for reference. Thanks!

– bertieb – 2018-08-28T17:30:12.203