CGIProxy 2.1 Beta 6

What is CGIProxy?

CGIProxy is a basic proxy which you can use to visit other web sites or download from FTP sites using your web browser. You would do this by going to the URL of the installed CGIProxy Script and then typing in the web site you wish to visit in the box on the CGIProxy page. Using this proxy has it's advantages, being that it will then find servers that can connect to servers that you might not be able to without it. There is also some possibility of anonymous web browsing with this script, and even some possible VPN (Virtual Private Network) uses. The proxy is usually transparent, in that it is possible to view web sites without even knowing it's there. Normally there is a box at the top of the visited page which allows you to control some of the settings in the proxy, but this box can also be turned off. The proxy does make pages load slower than normal, but for the added protection of some ad, pop-up, and cookie blocking features, ability to limit servers to visit, ability to ban servers, etc., the short delay is worth it.

Requirements:

To use CGIProxy, you need to be sure your CGI account is set up. Please see How To Request A CGI Account for more information. You will also need to download a copy of CGIProxy. The version used in this tutorial was 2.1 Beta 6. Note that you will also need to use a program that will extract tar & gzipped archives. For Linux users, these programs are built in. Windows users can use PowerArchiver. Note that the online installation utility at does not work with our servers. You'll have to manually install and set up this script (which is quite easy to do).

Restrictions:

Remember that only your main account can access CGI scripts on your server. Any hosting or extra FTP accounts that access these scripts may cause your account to be deactivated and you'll have to contact support.

CGIProxy can work correctly even inside your cgi-bin directory, or in another directory if you choose. It is recommended that this script be placed in your cgi-bin directory unless you decide to limit access to the script using a directory password protection script. If that is the case, please create a separate directory for the CGIProxy, set up the script, then set up the directory password protection script.

NOTE: Advanced features of this script are not for anyone who is not familiar with the Perl scripting lanugage. While this script can theoretically be installed very easily with no knowledge of programming, if you want to take advantage of some of CGIProxy's more advanced features, a knowledge of Perl, at the very least, is required.

Configuration & Installation:

Editing And Configuring CGIProxy (Optional, but please read.)

After downloading and extracting the files to your hard drive, open the nph-proxy.cgi file in a text editor. Please be sure it's a normal text editor and not a word processor. Examples of plain text editors in Windows are EditPlus (which is recommended) and Windows Notepad. In this tutorial, we refer to line numbers frequently, which are an option that can be set in EditPlus. However, some versions of Windows Notepad may not give any indication of line numbers, so you'll need to go by the text that is described, or find a text editor that supports showing what line you have the cursor on. In the Windows XP version of Windows Notepad, you can go to the View menu and click on the Show Status Bar. You'll see in the lower right 'Ln x, Col x' (where x will be a number). The 'Ln' number is the line number.

The file may look complicated, but there is really not much you need to change. You could actually upload it as-is and have it work. Please keep in mind if you are setting up any advanced features that we do not support SSL on your CGI server, so do not set up SSL (ie. https:// access) in CGIProxy.

The user configuration area of CGIProxy is between lines 235 - 1126. There are many options which you can read the information in the file to see if you want to enable a particular option or not.

Allowing and Banning Servers

Genearlly, the only options you may wish to change are the allowing and banning access to different servers on line 499. Reading the instructions will give you an idea how to do this. Note the following examples for more information (@BANNED_SERVERS works the same way, but instead prevents access to the servers listed).

• @ALLOWED_SERVERS= ('^www\.yourdomain\.com$') ;
  
  This allows only access to your http://www.yourdomain.com/ site and no other.

• @ALLOWED_SERVERS= ('\.yourdomain\.com$') ;
  
  Allows access to http://cgi.yourdomain.com/ and http://www.yourdomain.com/ but not http://yourdomain.com/

• @ALLOWED_SERVERS= ('\.yourdomain\.com$', '^yourdomain\.com$') ;
  
  Allows access to http://cgi.yourdomain.com/, http://www.yourdomain.com/ and also http://yourdomain.com/ (which is the 2nd item in the list).

Two things of note here. First off, you can have as many servers as you want in the list to ban or allow. They can be your own domain or other sites, or any combination. It's often preferable to do this if you're not password protecting the directory which has the CGIProxy server, so that others surfing the web can not abuse your script.

The second thing you'll notice is how the domains are listed. Instead of just www.yourdomain.com, you'll see there are symbols intermixed in with the domain name. Basically, each list starts with a caret (^) (unless it's going to be a wildcard domain), then any dot in the domain name is preceeded by a backslash as in \. for example. The last character is always a dollar sign ($). If using a Wildcard Domain, then the first characters should be the \. instead of a ^ as in \.yourdomain\.com$ as mentioned above. Each domain is enclosed in single quotes and not quotation marks. Each domain is also separated by a comma.

Preventing Looping Of Proxy Script

To prevent a common problem of someone accessing the proxy script via the proxy script (also known as looping), you will want to set the $NO_BROWSE_THROUGH_SELF option in like 977 to 1.

Installing The Script

Once you are done setting up the options and have saved the changes, log into your CGI server and upload the nph-proxy.cgi script file to the directory of your choice (do not, however, upload it to your logs directory as that is reserved for server use). You may upload it to your cgi-bin directory if you wish, if you are not planning to password protect the script directory. Remember to set the file permission to 755.

Using the Proxy

Go to your proxy in your web browser. For example, if you uploaded the script to your cgi-bin directory, you would browse to http://cgi.yourdomain.com/cgi-bin/nph-proxy.cgi (replace yourdomain.com with your actual domain name). You'll see a screen with some options and a text box and button. Type in the web address you wish to visit through the proxy and select the options you'd like active while visiting the page, then press the Begin browsing button.

Here is an overview of the options:

Remove all cookies (except certain proxy cookies): Let's you surf and eliminate any cookies you may aquire during your visit to the page.

Remove all scripts (recommended for anonymity): This will render any scripts such as vbscript, javascript, etc. non-functional. Be careful here as some web sites depend on scripts for content and/or navigation. If you're not sure on this, best to leave it on. Also setting your browser to not use Java and/or JavaScript is the best security. Again, this may also restrict use of some web sites.

Remove ads: This will help remove pop-up advertisements that sometimes occur when browsing a web site.

Hide referrer information: This will hide where you were before you arrived at the web site. This may render any 'previous page' or 'back' links on some web pages unusable. You can always use the back button on your browser, however, and it's probably best to do just that.

Show URL entry form: This will let you see a box with these same options on the top of the page you visit, in case you'd like to try visiting another page, or even the same page with different options. Or, you can leave this unchecked to visit the page keeping CGIProxy transparent (as in you genearlly won't know it's there).

Manage cookies: Here you can see a list of cookies you have aquired via CGIProxy and can opt to delete them all or only certain ones.

Restart: (Shown in the lower right of the script page.) This will let you restart the script so that you can enter all new information.

Browsing using CGIPRoxy

As mentioned, if you set the Show URL entry form before browsing to the page, you'll see a box at the top of the page which gives you the following options:

Location via proxy: Type in another page URL here to visit then press the Go button.

Manage cookies: This lets you see and even delete cookies that may have been picked up while visiting the site.

No cookies: Browse a web site and not allow cookies (note that it may be best to set this from your web browser settings, but if your browser doesn't have such settings you can set it here.

No scripts: Disable JavaScript, vbScript and other scripting that may be found on web pages. Again, if your browser has a setting for this, try to use your web browser settings instead. However, this setting may also help you stay anonymous, which many web browsers can't do.

No ads: Helps block pop-up ads and other annoying advertisements.

No referrer: Will block sending information about the last page you visited.

Show this form: Allows you to see (or if unchecked, not see) the CGIProxy box at the top of the page.

Advanced Configuration:

There are many other settings you can change in the nph-proxy.cgi file. Below are a few of them that you might find interesting. Please read through the User configuration area between lines 235 and 1126 in the nph-proxy.cgi file for more information and also the CGIProxy web site may be of some interest.

$TEXT_ONLY= 0 ; (line 242): Set this to 1 if you want to browse the web in a text only mode, meaning not allowing the viewing of any images, etc. Note that you'll want to set $RETURN_EMPTY_GIF= 1 ; as well so that any GIF images will be replaced with a 1 pixel by 1 pixel transparent GIF image. This is actually usually set to 1 by default but keep this in mind if you decide to change the settings.

@ALLOWED_SERVERS= () ; and @BANNED_SERVERS= () ; (lines 499 and 500: See above installation instructions on how to use these two settings. These let you ban or allow only certain servers to be accessed through CGIProxy.

@BANNED_NETWORKS= ('127.0.0.1', '192.168', '172', '10', '169.254', '244.0.0') ; (line 532): This is a list of IP addresses to networks which you do not want to access through the CGIProxy. Note that if you're using this behind a firewall then it's strongly recommended that this have some IP addresses set. In fact, some are set by default and you shouldn't need to change them unless you wish to add other IP addresses to the list.

@BANNED_COOKIE_SERVERS= () (line 549): You can add to this list of servers that like to place cookies on your hard drive. A list is already given by default and contains known advertising servers. If you find others you'd like to add, you can add them here.

$NO_COOKIE_WITH_IMAGE= 1 ; (line 568) This will restrict all cookies to text-only. Any cookie that wishes to return an image as well, will not be allowed or accepted.

@ALLOWED_SCRIPT_SERVERS= () ; and @BANNED_SCRIPT_SERVERS= () ; (lines 578 and 579): These are servers which run scripts (such as cgi.yourdomain.com can also be considered a 'script server' for instance). You can add servers in the same way you do for the @ALLOWED_SERVERS and @BANNED_SERVERS.

@BANNED_IMAGE_URL_PATTERNS= (); (line 597): This is a useful setting where you can add URLs where some advertisements come from. Some are already listed by default, but if you find an ad you're offended by or don't want to see, you can add it's URL here. To get that URL you may have to view the source code in your browser to find the URL or right click on the ad and choose "Copy Location" or similar.

$RETURN_EMPTY_GIF= 1 ; (line 632): As mentioned above, this will replace any GIF image with a 1 pixel by 1 pixel transparent GIF.

$RUNNING_ON_SSL_SERVER= '' ; (line 740): Please do not set this! This should be set as blank as shown here. This is because we do not have SSL support for CGI servers at this time.

$MINIMIZE_CACHING= 0 ; (line 843): If set to 1, this may (no guarantees) prevent pages you visit from being stored in your browser cache or downloaded to your computer. This might help if you're surfing the web through a computer in a cybercafe or similar public computer system. You may also be able to set this in your web browser if you are on your work or home computer.

$SESSION_COOKIES_ONLY= 0 ; (line 862): This is useful if you're surfing the internet from a public computer. If set to 1, all cookies you recieve will be expired as soon as the browser session ended, so that they will not be remembered by the browser.

$USE_PASSIVE_FTP_MODE= 1 ; (line 904): By default this is set on and will work in most situations. But if you are having problems with connecting and/or using FTP via your web browser through CGIProxy, you may want to change this value to 0.

$SHOW_FTP_WELCOME= 1 ; (line 913): This is useful when you want to watch the connection to the FTP server, in case you are having problems. This is set on by default.

$ENCODE_URL_INPUT= 0 ; (line 960): Setting this to 1 will help keep your visit more anonymous when you type in a URL to visit through CGIProxy.

$REMOVE_TITLES= 0 ; (line 967): If you're browsing a public system or any system that incorporates censoring software, some of these software programs may determine whether or not to block your access by looking at the web page title. Setting this to 1 may let you view the site anyway.

$NO_BROWSE_THROUGH_SELF= 0 ; (line 977) This should normally be set to 1 though at default it's set to 0. This will stop people from looping which would be done by entering the URL to CGIProxy itself. If this happens then setting this to 1 will help stop the looping in some instances.

$NO_LINK_TO_START= 0 ; (line 983): This may stop search engines from finding the start page (ie. The nph-proxy.cgi page) so that other people would not be able to use your proxy (or potentially abuse it).

Lines 1046 - 1126: These last lines include places to add more mime types and non-text file extensions.

NOTE: That these are just some of the features. There are others not mentioned here which you can read more about in the nph-proxy.cgi file for more information and to determine how to set them up.

Troubleshooting:

I get a blank page when I go to my nph-proxy.cgi page.

This is common if you have forgotten to set the file's permission to 755 when you uploaded it. It can also be because you did not have a setting right or there is a syntax error in one of the settings you changed. Common mistakes include not using single quotes around URLs, or not following the proper syntax in the @ALLOWED_SERVERS and similiar settings. If setting the file permissions did not correct the problem, go back over the changes you made to the file and correct any mistakes, reupload the file and reset the file permissions to 755 in necessary, then try again.

Features of the CGIProxy either don't work at all or not as expected.

Be sure you have the settings correct. Some settings may depend on others to be set as well. Read the comments carefully in the file before the settings to be sure you have all relevent options set correctly.

Support:

If you have any problems or questions please consult the CBIProxy web site.

Active Web Hosting may not be able to provide support for this program or it's installation.