Help Iran With A Proxy Server

Last modified on June 16th, 2009

As many people know, there are protests going on in Iran, and the Iranian government is actively trying to stop the flow of information both in and out of the country. Twitter has been instrumental in helping getting the word out about what is going on there, so much so that they recently postponed a critical maintenance period simply so Iranian users could continue to use the service. A few hours ago I saw some requests on Twitter from Iranians asking for international proxies such that they could continue to use the Internet.

Creating the AMI on EC2

Given that I have an EC2 account, and that setting up a proxy isn’t too difficult, I decided to set one up. If you’ve never used EC2 before, this is a great primer article, so I’m not going to do an EC2 tutorial here.

First thing I did was to fire up a Fedora core image using my generated key-pair:

ec2-run-instances ami-225fba4b -k ec2-keypair

Then I logged into that instance as root so that I could configure the proxy server:

ssh -i ec2-keypair root@ec2-174-129-169-124.compute-1.amazonaws.com

You’ll have to substitute your own instance identifier for the login information, which you can get using the command ec2-describe-instances.

Once inside, I went about editing the httpd.conf file in the /etc directory. I activated the proxy server and restricted access to Iranian IP addresses only, which I found on various lists on the Internet. The actual blob I added can be found here.

I then restarted Apache, and proceeded to test it using Safari on my local machine (I also added my public IP address to the Allow list). It seemed to work like a charm.

Next step is to allocate a public IP using EC2. This can be done using the following command:

ec2-allocate-address

You’ll then get a public IP address. All that’s left is to assign it to your running instance using a command like:

ec2-associate-address -i i-5d478934 some-ip-address

At that point you’ll have a public web proxy on port 80 that will only allow proxy connections from Iranian IP addresses.

I did a quick Google and found a few people begging for an AMI image to do this for Iranian users, so I’ve bundled one up and made it public. In theory you’ll just have to launch a new instance based on this AMI, and assign a public IP address to it. Everything else should be taken care of. Remember to only distribute proxy IP addresses privately, as Iranian officials are blocking them as they find them.

The AMI that does this is ami-a37b9dca. If you have any problems, drop a comment.

Update – apparently I accidentally included my cert file in the AMI. I’ve since regenerated it, so it can’t be used for anything. The AMI still works fine though, so feel free to use it.

How does it work

Once you setup a proxy server and give the IP address to someone, they can simply set that IP address as their web proxy. For example, in Safari you set it in Network preferences:

For everyone outbound request, the browser will contact the proxy instead and ask it to grab the actual information itself and forward it along. That way, if a service such as Twitter is blocked, the proxy will get the information from Twitter itself and forward it onto the client. So once you have a public IP address associated with your EC2 instance, simply get that into the hands of someone in Iran, and they’ll be able to use your proxy server to access sites on the Internet that are blocked in Iran.

21 responses to “Help Iran With A Proxy Server”

  1. Gary Jones says:

    But now this makes it easier for people to do fraud purchases to.

    I would not suggest opening up a proxy to just anyone you don’t know.

  2. Duane Storey says:

    It’s only for a day or two, and the IPs are all limited to Iranian IPs. Plus, the IP is only sent to those people looking for a proxy on Twitter. It could be abused, but I’m watching the usage and can shut it down fairly quickly. I think the benefits far outweigh the risks in a situation such as this.

  3. Gary Jones says:

    There was someone on FB telling everyone go out and add proxies to there site. I can see them not monitoring them as closely as you 😉

  4. Jessie W says:

    Proxy servers are not discovered by the fact that the name is published. They are discovered at the network level by equipment that checks the IP address and tries to log into it. If it can connect it knows it’s a proxy and the proxy is blocked. The odds are, if a proxy like this is working in Iran it’s run by the Iranian government to entrap people. They can block any proxy they want the first time someone uses it without any human intervention. This kind of advise is going to cost people over there.

  5. chernevik says:

    I’m interested in doing this with a box I’m using as testbed as I learn to run a server. Questions:

    – The box is a cheap homebuild and connects to the ‘net through an openwrt router on cheap home hardware. Is this going to be fast enough to make a difference?
    – How can I monitor usage for abuse, and throttle abusive usage?
    – Is there any way to message the proxy’s users to advise them of issues like upcoming outages, etc?

  6. Duane Storey says:

    I’m sure it’s fast enough for checking Twitter or whatever. In terms of monitoring, I’m not really sure. If your router supports a monitoring protocol you can check it that way. Otherwise maybe your ISP has a way for you to view it. Given that proxies go up and down so rapidly, I don’t think you’d have any problems taking yours down for maintenance from time to time or whatever.

  7. Hey Duane

    Thanks for this post. As you probably know, I’m currently living in China and until now have been making use of TOR and FoxyProxy to access websites that have been blocked by the “Great Firewall” over here. Whilst this solution works, TOR is not exactly fast and I have been looking around for other speedier methods of accessing websites via a proxy.

    Most pay-for proxy services are charged per month or per year – despite the fact that they are not being used all the time. Your solution is a beautiful “on demand” way of getting cheap, fast proxy access when it is needed with no charges when the proxy is not being used.

    I have set up a bash script on my ubuntu box that automatically gets your custom AMI up and running – but instead of allowing Iranian IP addresses, it allows only the IP address of the computer that started the instance. Once running, the script then creates an openssh tunnel through to the instance which can be used by Firefox or any other appliction to forward http traffic and bypass any blocklists.

    So I can now get a proxy up and running in less than a minute and am charged at a rate of $0.10 an hour plus upstream and downstream bandwidth (very cheap). A big thank you for your inspiration and for the pointers in your post regarding configuration of the httpd.conf file! If anybody is interested in how the bash script works, give me a shout 🙂

  8. Duane Storey says:

    Hey, that’s great! Actually, I found out after the fact that Amazon frowns on public proxy servers on EC2. While my solution isn’t exactly public, it’s not exactly private either. Your solution I think would fit the bill as a private solution, so it would be great if you can post your scripts or something somewhere. Or email them to me and I’ll tack them on the post.

    Thanks!

  9. joy roberts says:

    ALtho i admire the spirit behind this in helping IRAN through this drama of their own, I do worry about net security as my computer was hijacked not long ago, and as far as I know it still is….i wouldn’t feel comfortable doing it with my limited internet security background…however I applaud those of you who can do this. Thanks for making a difference in the world.

  10. Rachel says:

    Now, I don’t know much about how proxy servers work, so please forgive me if this question is a little ridiculous. But would it be worth asking establishments, such as universities (especially those with Iranian students) to contribute proxies? I think, but again may be wrong, that some universities use them to allow students access to online journals and so on. My university doesn’t, but perhaps they could set something up? It’s now outside term time, so the servers are probably not working anything near full capacity. I want know if this is worth trying. Please let me know.

  11. Duane Storey says:

    In this scenario though, the proxy servers have to be located outside of Iran, since Iran is blocking IP addresses locally. So you would need universities in other countries to contribute proxies, which is a possibility.

  12. Rachel says:

    That’s what I was thinking. I’m in England, working at a university. Our Iranian students have voiced their support for the protests and I’d like to think that the university would support them and that other educational establishments would do the same. Would being able to pursuade them to set up a proxy server be worthwhile?

  13. Congratulations and thank you Duane. It is heartwarming that you can help in what may turn out to be an amazing creation of a new Iran.

    I do not have a server but can I help with just a home computer?

  14. I’ve sent you an email Duane – feel free to make any changes to the script and to link to the files in my Dropbox or host the script on your own webserver. Hope this can make things straightforward for anyone else wanting to setup their own private proxy server.

  15. Iranian says:

    Thank you so much for helping young Iranians bypass their oppressive regim’s Internet ban.

    The government has taken Iran for hostage.

    Is it okay if I post this page on Twitter?

  16. Jeremy says:

    Hi Duane, I have a proxy ready to go. How can I get this address to the people who need it? Jeremy

  17. Parham says:

    Thank you all guys. We do really appreciate your help. Hope we could preserve the republic and speed up the democratization in our Iran. Wish luck for the National Iranian Green Movement.

  18. Pooya IRANI says:

    Guys I appreciate all ur work for us and ur support for IRANIAN.
    Duane thanks for everything.

    if anything (proxywise) comes up plz email it to me
    p681989@yahoo.com
    if u wanna see my legimicy for getting the proxy search : pouya mazaheri in facebook !
    THANKS AGAIN and i appricite it if u guys email me with the new proxy i kinda get it out here and i ran out they kinda blocked them all !

  19. […] charged when you actually use the server and for the amount of bandwidth used. I then came accross a post on Duane Storey’s blog which described how he created an Amazon EC2 instance which could be used to make a proxy server […]

  20. I have now written a detailed blog entry on automating the setup of a private Amazon EC2 proxy server using a shell script. More info here: http://bit.ly/4qr3w

  21. mani says:

    as an Iranian I would have to thank you for all your support and help believe me that nothing goes unnoticed

Leave a Reply

Your email address will not be published. Required fields are marked *