Being ultra paranoid about using other peoples Wifi connections I’ve come up with a solution to make things a little safer. Its by no means new having been around for quite a while but it works well. Ive setup Apache on my web server to act as a proxy server for connections originating from 127.0.0.1. I then create a secure tunnel from my local machine using SSL and direct my web browser to connect using my new secure Proxy. This is great for extra security when browsing the internet and checking emails on insecure wifi networks.
If you want to setup your own Proxy you’ll need Apache installed with mod_proxy, mod_proxy_http and mod_proxy_ftp, you’ll also need ssh access to a server thats secure. Once Apache and mod_proxy are installed you need to add the following lines to your Apache config file.
ProxyRequests Off
Listen 127.0.0.1:80
<VirtualHost 127.0.0.1>
ProxyRequests On
ProxyPreserveHost On
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /tmp/proxy_log common
</VirtualHost>
The proxy requests off line is very important as you dont want anyone else who cant connect to 127.0.0.1 from using your proxy server.
Once you’ve done that you just need to setup your SSH tunnel
ssh -p 22 user@yourserver.com -N -f -L 127.0.0.1/4444/127.0.0.1/80
This will connect from your computer to the sshd server on port 22, listen on the local port 4444 and connect to your proxy running on port 80 on 127.0.0.1 on your server. Once that has been done just change your Browser Proxy Settings to connect to 127.0.0.1:4444
Your setup will go from looking like this where your data is being sent over an insecure wifi connection
A normal browsing using a WiFi enabled laptop
To this setup where your data is encrypted via a tunnel and passed to a server that is connected to the internet.
Browsing using an SSH tunnel and Proxy server via WiFi
Now your crummy wifi connection is a little bit more secure (for all requests over the proxy at least)…