Ultimate Security Proxy With Tor

Ultimate Security Proxy With Tor

Ultimate Security Proxy With Tor

Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes – a few IPs or more, frequently changed. So no one will be able to track you. A solution exists, and it is called Tor Project, or simply tor. There are a lot of articles and howtos giving you the idea of how it works, I’m not going to describe here onion routing and its principles, I’ll rather tell you how practically pull out the maximum out of it.


Squid Proxy

Squid Proxy is an Open Source Proxy that could be configured in different ways, it is the standard for the open source proxies because it is widely developed and used. Here we will configure it as a Cache Proxy, where the request will be served from the cache if it is available saving bandwidth and increasing the rendering velocity of the page, obviously not everything it is cached for lot of reasons but it will increase the perception of the page velocity. This proxy will perform a basic security that will allow or deny networks and devices on your network to use the proxy, will allow or deny protocols and will define the cache storage, this proxy will listen on the port 8080.

It is recommended to visit the site and read the documentation because it is pretty flexible and could be pretty difficult to configure.



Privoxy is a non-caching proxy with an advanced filtering capabilities, HTTP header modification and access control. Once the requests are filtered by Squid there will be passed to Privoxy that will filter and modify the HTTP headers to enhance the privacy. It is also recommended to read the documentation because it is also very flexible and could lead to errors in the configuration or simply the privacy was raised to high that it does not allow the pages to render well in your browser.


TOR (The Onion Routing)

TOR is a network of relay nodes that conform a network that is used to route your packet through encrypted links, with this type of routing the packet is difficult to trace because the sender of the packet is not your computer but the exit node of the TOR network, also the communication between your computer and the entry node is encrypted as the links between relay nodes the only link that is no encrypted is the last one between the exit node and the receiver. This permits a certain level of anonymity while surfing Internet, also could be used to circumvent basic geo location detections implemented on webpages or servers because the relays nodes could be anywhere in the world so for the receiver the location of the source is the location of the TOR exit node. You could learn more about TOR here.



For the installation we are going to need an Ubuntu server up and running with OpenSSH configured, I am going to use Centos Server 6.8.

Installing squid, privoxy and tor




Squid has all the configuration files in the following directory /etc/squid/ while the cache directory is located at /var/spool/squid and the logs are located at /var/log/squid

First of all we need to configure squid to do this we should edit with your preferred text editor (nano, vim, etc..) the configuration file located at /etc/squid/squid.conf but that file it is very verbose so it is better to save a backup of the original configuration and create just another file by issuing the following commands:

Then use the following configuration:



Once Squid is configured we need to configure Privoxy, the config files are located in the path /etc/privoxy/config lets make a backup of the configuration and create a new configuration with this commands:

Then copy the following configuration:


The most important part of the configuration are the action and filter files, that are located on the same directory as the configuration, on this files you could set how restrictive will be privacy, you could edit this file manually or through a web interface by going to http://config.privoxy.org/show-status only when your browser is set to use the squid proxy (go to the Client Configuration section to learn more)

There are three action files on your system:

  • match-all.action: This file contains all the actions applied to all the sites requested
  • default.action: This file contains the actions that should be applied by default to certain type of traffic, for example ad blocking, deanimate gifs etc… in certain domains or sites
  • user.action: This files contains the actions defined by the user


We are going to edit the match-all.action files to add a features that is not on by default and could lead to leaks about the type of browser and system you are using, that information is managed in the http request header by a field called user-agent (Go to http://en.wikipedia.org/wiki/User_agent and http://www.user-agents.org/ to learn about user agents), so to change the user-agent we are going to edit the match-all.action file and add a command, to do that issue the commands below:

On the file add the command:

Before the closing curly bracket, the final match-all.action file should be:


The Onion Router (TOR)

Now that we finished with the Privoxy configuration now we need to setup TOR, TOR will be configured as a SOCK5 Proxy listening locally on port 9050, that means that it is not only going to work as an HTTP server but it will also going to handle other types of TCP connections, to do that you should edit the configuration file /etc/tor/torrc by issuing the command:

at the end of the film please add the following configuration:


With this configuration we are using the TOR network with all the exit nodes located in the US, allowing us to circumvent the basic ip address geo location checks. The last step to do is to restart all the service to do this issue the following commands:

To see if all is working issue the command:

You should see that the system is listening on the ports 8080, 8118, and 9050




  1. vpsget.com
  2. howtoforge.com
  3. squid-cache.org