Hi,
I need to use pound as a reverse proxy but not for load balancing this time.
My situation is that I'm from a country that the government here block
websites !
They recently blocked a website that is very important for my friends and
me, and it does not function probably with proxy bypassing websites that
uses scripts like CGIProxy or Phproxy.
The good thing is that I have a dedicated server in the United States. Well
I have some prior experience with Pound when I used it to run Ruby On Rails
with mongrel, but now I'm unable to get the following thing done:

A user requests newdomain.com (which is registered by me and connected to my
server) ---> Pound will get the content of www.theblockedwebsite.com and
deliver it to the end user ---> The browser's URL remains
newdomain.combecause if changed the user will get the ugly "Access
Denied" page.

I did the following basic configuration and it partially worked:

--------------------------------------------

ListenHTTP
        Address 69.89.**.**  ## my server's ip address
        Port 80

        Service

        backend
        address theblockedwebsite.com
        port    80
end
End
End

-------------------------------------------

This scenario didn't fully work because the blocked website uses sub-domains
and I couldn't get them to work correctly.
When you request www.theblockedwebsite.com, it looks for
subdomain.theblockedwebsite.com and gets content from there but in the URL
in the browser remains: theblockedwebsite.com.
In other situations the website uses sub-domains and they do appear in the
URL bar.

Can this be done using Pound? Or should I look for solutions like Squid or
Apache's mod_proxy?

Your help is highly appreciated.

Best Regards
[...]

> Can this be done using Pound? Or should I look for solutions like Squid
or[...]

Something like Squid or a socks proxy is going to work better.  OpenSSH 
has a dynamic forwarding proxy that should fit the bill as well, and its 
probably the easiest for you to use privately.  Look at the '-D' option 
in recent releases.

Regards,[...]

Thank you Dave for your help, I might consider OpenSSH or Squid very soon
but now I feel that I'm very close to get this done.
I thought that the problem was that the blocked website gets its content
transparently from a sub-domain but I found this to be incorrect, right now
I am able to access any website through the configuration I've previously
posted EXCEPT the website of my interest.

I mean when I do:

----------------------------------
        Service
        backend
        address somedomain.com ## any domain you can imagine
        port    80
---------------------------------

I can successfully access and surf the content of that domain with no
problems at all (including domains blocked by the government) . The problem
is with the specific website I need to reach, in Firefox I get the following
message:

"
The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this
address in a way that will never complete.

    *   This problem can sometimes be caused by disabling or refusing to
accept
          cookies.
"

The question now is: Does pound refuses cookies coming from backends? If so,
why can I access any other website through the same configuration? How can I
get Pound to accept cookies coming from that website? Or do you think that
this problem has nothing to do with cookies at all? So what is it?

This problem is driving me crazy :( all websites in the world can be
accessed and successfully served by my server except the website I need. Any
idea about the Firefox message?

Regards

On 22/12/2007, Dave Steinberg <dave(at)redterror.net> wrote:[...]

[...]

>     *   This problem can sometimes be caused by disabling or refusing
to[...]

"can sometimes", not very strong language eh?
[...]

Pound doesn't care about cookies.  If you want to diagnose the redirect 
issue, I would recommend the LiveHTTPHeaders plugin for FireFox.  It 
usually helps a lot.
[...]

I think you'll find much less of a headache with Squid or OpenSSH. 
Pound can do what you're asking, but it requires manual configuration 
changes for every new site you want to view.  That may be a plus or a 
minus depending on how you look at it, I suppose.  :)

Regards,[...]

Hey Anas,

I can understand your situation, I lived in Thailand for a long time and
they censor the internet. *Very* frustrating!

As somebody else suggested, I'd *strongly* recommend using an SSH -D
(dynamic port forward) as a SOCKS proxy. There are a couple of advantages:
1) The traffic is encrypted, so no snooping
2) You can proxy anything you like, including DNS lookups (which you'll
probably have to do)

The encryption might be a big deal, depending on how hard your government
wants to censor this site. Without encrypting the traffic, it will be
obvious that you're accessing the site on another url and so that url will
probably get blocked. Or, they introduced a law in Thailand that makes it
illegal to bypass the censors, so if there's similar laws, you could face
serious consequences.

You may also be able to setup an SSL certificate on your new domain, which
could add encryption.

If you're using a linux desktop, checkout the tsocks application. It allows
you to launch any other application wrapped in a SOCK proxy. It works
beautifully, I use it for all sorts of stuff from my email to IRC / pidgin /
etc whenever I'm on an open wifi network.

Best of luck beating the censor! :)

Cheers - Callum.

On 22/12/2007, AN(at)S <anas(at)anasonline.net> wrote:[...]

Is this transparent proxies ? I presume it is with content filters -

if its proxy servers that you know ip of then you can use httptunnel and
squid  - you configre httptnnel to connect direct through gov proxy (as long
as you know their IP:port of their proxy(ies) - you would need 1)


Also other  interesting stuff

http://neworder.box.sk/newsread.php?newsid=16160

slipsurf... maybe?


some more browing stuff

http://www.shambles.net/pages/learning/ict/filterbust/


On 22/12/2007, AN(at)S <anas(at)anasonline.net> wrote:[...]