This is just amazing. In 20 lines of node.js code and 10 minutes of time I was able to write a HTTP proxy. Take a look:

var http = require('http'); http.createServer(function(request, response) { var proxy = http.createClient(80, request.headers['host']) var proxy_request = proxy.request(request.method, request.url, request.headers); proxy_request.addListener('response', function (proxy_response) { proxy_response.addListener('data', function(chunk) { response.write(chunk, 'binary'); }); proxy_response.addListener('end', function() { response.end(); }); response.writeHead(proxy_response.statusCode, proxy_response.headers); }); request.addListener('data', function(chunk) { proxy_request.write(chunk, 'binary'); }); request.addListener('end', function() { proxy_request.end(); }); }).listen(8080);

And it scales well, too. It's not a blocking HTTP proxy, it's event driven and asynchronous, meaning hundreds of people can use simultaneously and it will work well.

To get the proxy running all you have to do is download node.js, compile it, and run the proxy program via the node program:

$ ./configure --prefix=/home/pkrumins/installs/nodejs-0.1.92 $ make $ make install $ PATH=$PATH:/home/pkrumins/installs/nodejs-0.1.92/bin $ node proxy.js

And from here you can take this proxy wherever your imagination takes. For example, you can start by adding logging:

var http = require('http'); var sys = require('sys'); http.createServer(function(request, response) { sys.log(request.connection.remoteAddress + ": " + request.method + " " + request.url); var proxy = http.createClient(80, request.headers['host']) var proxy_request = proxy.request(request.method, request.url, request.headers); proxy_request.addListener('response', function (proxy_response) { proxy_response.addListener('data', function(chunk) { response.write(chunk, 'binary'); }); proxy_response.addListener('end', function() { response.end(); }); response.writeHead(proxy_response.statusCode, proxy_response.headers); }); request.addListener('data', function(chunk) { proxy_request.write(chunk, 'binary'); }); request.addListener('end', function() { proxy_request.end(); }); }).listen(8080);

Next, you can add a regex-based host blacklist in 15 additional lines:

var http = require('http'); var sys = require('sys'); var fs = require('fs'); var blacklist = []; fs.watchFile('./blacklist', function(c,p) { update_blacklist(); }); function update_blacklist() { sys.log("Updating blacklist."); blacklist = fs.readFileSync('./blacklist').split('

') .filter(function(rx) { return rx.length }) .map(function(rx) { return RegExp(rx) }); } http.createServer(function(request, response) { for (i in blacklist) { if (blacklist[i].test(request.url)) { sys.log("Denied: " + request.method + " " + request.url); response.end(); return; } } sys.log(request.connection.remoteAddress + ": " + request.method + " " + request.url); var proxy = http.createClient(80, request.headers['host']) var proxy_request = proxy.request(request.method, request.url, request.headers); proxy_request.addListener('response', function(proxy_response) { proxy_response.addListener('data', function(chunk) { response.write(chunk, 'binary'); }); proxy_response.addListener('end', function() { response.end(); }); response.writeHead(proxy_response.statusCode, proxy_response.headers); }); request.addListener('data', function(chunk) { proxy_request.write(chunk, 'binary); }); request.addListener('end', function() { proxy_request.end(); }); }).listen(8080); update_blacklist();

Now to block proxy users from using Facebook, just echo facebook.com to blacklist file:

$ echo 'facebook.com' >> blacklist

The proxy server will automatically notice the changes to the file and update the blacklist.

Surely, a proxy server without IP control is no proxy server, so let's add that as well:

var http = require('http'); var sys = require('sys'); var fs = require('fs'); var blacklist = []; var iplist = []; fs.watchFile('./blacklist', function(c,p) { update_blacklist(); }); fs.watchFile('./iplist', function(c,p) { update_iplist(); }); function update_blacklist() { sys.log("Updating blacklist."); blacklist = fs.readFileSync('./blacklist').split('

') .filter(function(rx) { return rx.length }) .map(function(rx) { return RegExp(rx) }); } function update_iplist() { sys.log("Updating iplist."); iplist = fs.readFileSync('./iplist').split('

') .filter(function(ip) { return ip.length }); } http.createServer(function(request, response) { var allowed_ip = false; for (i in iplist) { if (iplist[i] == request.connection.remoteAddress) { allowed_ip = true; break; } } if (!allowed_ip) { sys.log("IP " + request.connection.remoteAddress + " is not allowed"); response.end(); return; } for (i in blacklist) { if (blacklist[i].test(request.url)) { sys.log("Denied: " + request.method + " " + request.url); response.end(); return; } } sys.log(request.connection.remoteAddress + ": " + request.method + " " + request.url); var proxy = http.createClient(80, request.headers['host']) var proxy_request = proxy.request(request.method, request.url, request.headers); proxy_request.addListener('response', function(proxy_response) { proxy_response.addListener('data', function(chunk) { response.write(chunk, 'binary'); }); proxy_response.addListener('end', function() { response.end(); }); response.writeHead(proxy_response.statusCode, proxy_response.headers); }); request.addListener('data', function(chunk) { proxy_request.write(chunk, 'binary'); }); request.addListener('end', function() { proxy_request.end(); }); }).listen(8080); update_blacklist(); update_iplist();

By default the proxy server will not allow any connections, so add all the IPs you want the proxy to be accessible from to iplist file:

$ echo '1.2.3.4' >> iplist

Finally, let's refactor the code a little:

var http = require('http'); var sys = require('sys'); var fs = require('fs'); var blacklist = []; var iplist = []; fs.watchFile('./blacklist', function(c,p) { update_blacklist(); }); fs.watchFile('./iplist', function(c,p) { update_iplist(); }); function update_blacklist() { sys.log("Updating blacklist."); blacklist = fs.readFileSync('./blacklist').split('

') .filter(function(rx) { return rx.length }) .map(function(rx) { return RegExp(rx) }); } function update_iplist() { sys.log("Updating iplist."); iplist = fs.readFileSync('./iplist').split('

') .filter(function(rx) { return rx.length }); } function ip_allowed(ip) { for (i in iplist) { if (iplist[i] == ip) { return true; } } return false; } function host_allowed(host) { for (i in blacklist) { if (blacklist[i].test(host)) { return false; } } return true; } function deny(response, msg) { response.writeHead(401); response.write(msg); response.end(); } http.createServer(function(request, response) { var ip = request.connection.remoteAddress; if (!ip_allowed(ip)) { msg = "IP " + ip + " is not allowed to use this proxy"; deny(response, msg); sys.log(msg); return; } if (!host_allowed(request.url)) { msg = "Host " + request.url + " has been denied by proxy configuration"; deny(response, msg); sys.log(msg); return; } sys.log(ip + ": " + request.method + " " + request.url); var proxy = http.createClient(80, request.headers['host']) var proxy_request = proxy.request(request.method, request.url, request.headers); proxy_request.addListener('response', function(proxy_response) { proxy_response.addListener('data', function(chunk) { response.write(chunk, 'binary'); }); proxy_response.addListener('end', function() { response.end(); }); response.writeHead(proxy_response.statusCode, proxy_response.headers); }); request.addListener('data', function(chunk) { proxy_request.write(chunk, 'binary); }); request.addListener('end', function() { proxy_request.end(); }); }).listen(8080); update_blacklist(); update_iplist();

Again, it's amazing how fast you can write server software in node.js and JavaScript. It would probably have taken me a day to write the same in C. I love how fast you can prototype the software nowadays.

Download proxy.js

Download link: catonmat.net/ftp/proxy.js

I am gonna build this proxy up so I also pushed proxy.js to GitHub. You can fork and contribute.

Happy proxying!