Tag Archives: proxy

Mac OS X Mac OS X Server Network Infrastructure Ubuntu Unix

Clear Squid Proxy Caches

Every now and then you run into a problem with a caching server that causes you to need to clear out the cache. If running Squid, you can look in the /etc/squid/squid.conf configuration file and find a setting in that file called the cache_dir, which is a path. For example, we’ll use /var/squid/cache in this article.

squid_logoYou can clear the cache of a Squid proxy then, by deleting that directory:

rm -Rf /var/squid/cache

Then recreate the cache directory:

mkdir /var/squid/cache

Then run squid with a -z option:

squid -z

Then fire up squid again:

squid

iPhone

Restricting Access To Sites On iOS Devices

One of the more common requests we get for iOS devices is to restrict what sites on the web that a device can access. This can be done in a number of ways. The best, in my experience, has been using a proxy.

In Apple Configurator 1.2 there’s an option for a Global HTTP Proxy for Supervised devices. This allows you to have a proxy for HTTP traffic that is persistent across apps.

Each Wi-Fi network that you push to devices also has the ability to have a proxy associated as well. This is supported by pretty much every MDM solution, with screens similar to the following, which is how you do it in Apple Configurator.

The above has I am all about layered defense, though. Or if a proxy is not an option then having an alternative. Another way to disable access to certain sites is to outright disable Safari and use another browser. This can be done with most MDM solutions as well as using a profile. To see what this would look like using Apple Configurator, see the below profile.

Now, once Safari has been disabled, you then need to provide a different browser. There are a number of third party browsers available on the App Store. Some provide enhanced features such as Flash integration while others remove features or restrict site access.

In this example we’re using the K9 Web Protection Browser. This browser is going to just block sites based on what the K9 folks deem appropriate. Other browsers of this type include X3watch, Mobicip (which can be centrally managed and has a ton of pretty awesome features), bSecure (which ties in with their online offerings for reporting, etc) and others.

While this type of thing isn’t likely to be implemented at a lot of companies, it is common in education environments and even on kiosk types of devices. There are a number of reasons I’m a strong proponent of a layered approach to policy management for iOS. By leveraging proxies, application restrictions, reporting and when possible Mobile Device Management, it becomes very possible to control the user experience to an iOS device in such a way that you can limit access to web sites matching a certain criteria.

Mac OS X Mac Security

Using Tor with Mac OS X

Tor is a tool that can be used to proxy your online communications between multiple, randomly selected, global providers effectively anonymizing your Internet traffic. Tor is a free anonymizing service, but doesn’t also encrypt your traffic.

Privoxy is a non-caching proxy that also has a certain amount of filtering built into it. Many may use privoxy to do adware removal. But it can also be used to filter information for Tor. Installers are available at http://sourceforge.net/projects/ijbswa/files. Once you have installed privoxy you can access the configuration page at http://www.privoxy.org/config/. Because privoxy is a command line tool, you can also access the help page for that using the following command (using privoxy as your working directory):
privoxy –help

By default privoxy will install the following files on your system:

  • /usr/sbin/privoxy
  • /etc/privoxy/config
  • /etc/privoxy/match-all.action
  • /etc/privoxy/default.action
  • /etc/privoxy/user.action
  • /etc/privoxy/default.filter
  • /etc/privoxy/user.filter
  • /etc/privoxy/trust
  • /etc/privoxy/templates/*
  • /var/log/privoxy/logfile

But you don’t have to install any of that.  Or use it manually – you can, but you don’t have to.  You can download the Vidalia Tor installer bundle, which will install privoxy, Vidalia, Tor and the Torbutton extension for Firefox. The installer package can be run choosing all of the defaults and then will need a reboot. Once complete, open Firefox (the first time it will install the extension, quit Firefox and then reopen it to activate it) and you’ll see Tor Disabled in the lower right hand corner of Firefox. You’ll then be able to click on it to switch over to using Tor from within Firefox. Click on it again and it will disable Tor again.

Overall, this is a nice and sleek design for obtaining anonymous web communications. Obviously, if you use it to log into your Twitter account, that’s not anonymous. But browsing and posting to sites does not link back to your IP address, which is one key aspect of Tor. You’re also still connecting over standard protocols. Again, Tor does nothing to encrypt data – it is a service dedicated to anonymity.

Final Cut Server

Final Cut Server: Using Amazon S3 for Archival

Final Cut Server allows you to archive the primary representation (or the original file) for assets that are cataloged.  When you do so, the proxy clips (low resolution versions) of your assets still live on the Final Cut Server.  However, the primary representation, once moved to your archive device can then be archived off to another form of media.

There are a variety of strategies to manage archived media. The one I will describe here is using the Amazon S3 storage service at a cost of approximately $.12 to $.15 per gigabyte. As a conduit to and from Amazon S3 we will use the Jungle Disk application, which uses the Amazon S3 API to provide a mount point to Mac OS X.  Before you get started, first create an Amazon account (or enable Amazon Web Services for your existing Amazon account).  Once you have enabled Web Services, click on the link that will be emailed to you that allows you to create an Access Identifier. Also keep in mind that file sizes cannot be larger than 5GB per file.

To get started, download Jungle Disk from http://www.jungledisk.com. Once downloaded, run the installer. At the welcome screen click on Next.  At the Jungle Disk Account Information screen enter the Access Identifier and the Secret Key for your user account.

Next, tell Jungle Disk to use the storage from Amazon as a Network Drive. Here, I gave this drive a name of FCSBackup.

Next, create a new bucket (or use one you have already created).

To create a new bucket, click on Next. At the Bucket Setup screen provide a name for your bucket of storage within S3.  I called my bucket fcsvrbackup.  Here you can use standard or high encryption. Speeds will be reduced with high encryption but the data will be more secure. Click Next when you are satisfied with your settings and then click on Finish to complete the installation.

Next, for speed we’re going to do a little quick tuning.  Open the Jungle Disk Configuration application and then click on Network Drive for the fcsvrbackup bucket.  Then increase the maximum cache size and check the box for Upload files in the background for faster performance.

Next, open /Volumes and verify that you see your fcsbackup (or whatever you decided to name the volume).  Alternately you can use the Bucket menu from within JungleDisk Monitor to click on Show Network Drive in Finder.  Once you have verified that your mount is there, test copying data to the folder to verify that you have full write access. Once you are finished, open the Final Cut Server System Preference pane. Then click on the plus icon (+) to bring up your Device Setup Assistant.

Here, click on the Local Device type and click on Continue.  

Next, open a Finder screen and open /Volumes/ (Command-Shift-G).

Now drag the FCSBackup over to the location field in the Device Setup Assistant and provide a name for your Final Cut Server to refer to your Device as (I used Amazon Backup here). Now click Continue.

Next, check the box for Enable as an Archive Device and click on the Continue button. At the next screen, click Finish.

Now go to your trusty Final Cut Server client application and control click (or right click if you’re so inclined) on an asset. Here, you will click on the Archive item in the dialog box.

Now, if you go to the FCSBackup volume you should see the file you decided to archive. These will be stored in a folder that corresponds to the device ID that Final Cut Server has for your “device”. Only the primary representation has been moved at this time, so your proxy media for these files is still in your proxy bundle. Now, click on the asset within the Final Cut Server client application and then perform a get info (Command I). You will now see the relative path to your device that the file is in. You can now unmount the FCSBackup drive and you will still be able to access the file. Once you have uploaded some files, tap into Amazon and check out how much they’ve charged you…

Mac OS X Mac OS X Server Mac Security Windows XP

ProCon Firefox Plug-in Filter

Firefox users who wish to filter browsing (eliminate filtered words, etc) can use ProCon Latte, a Plug-in for Firefox.  ProCon is available at https://addons.mozilla.org/en-US/firefox/addon/1803 and can easily be deployed alongside Firefox.