AnalogX Proxy

When you first start AnalogX Proxy, you will see a warning that it is running in an open state.

AnalogX Proxy warning

This means that any system that can access your system over the network can use the proxy server services provided by AnalogX Proxy. If you have multiple IP interfaces on your system, e.g. one for your local network and one facing the Internet, you would likely only want to provide the proxy services to the system on your LAN, i.e. only the other systems on your local network. You can right-click on the green AnalogX icon in your system tray at the lower right-hand corner of your screen then select "Configure" and put in the IP address of the interface that faces your LAN, e.g. 192.168.0.1, in the "Proxy Binding" field ("disabled" is the default value, meaning the proxy services are available on all interfaces on the system).

AnalogX Proxy Binding

Once you put an IP addres in the "Proxy Binding" field, you will no longer get an message warning you that Proxy is running in an open state when your start it. You can also stop the warning message from appearing by editing Proxy's "Disable Bind Warning" value in the registry. To disable the warning by that method, run the registry editor (click on "Start", then "Run" and type "regedit" and hit enter.) and browse to HKEY_CURRENT_USER\SOFTWARE\AnalogX\Proxy. Double-click on the "Disable Bind Warning" key and change the value from 0 to 1 and click on "OK". To check the value of this registry setting, and other AnalogX Proxy registry settings, from a command prompt using the reg command, see Reg Command - AnalogX Proxy Settings.

AnalogX Proxy disable bind warning

If you want to allow specific systems out on the Internet to use the AnalogX proxy service, then you absolutely should not make it available to everyone on the Internet, but should restrict access only to those IP addresses of the specific systems to which you wish to grant access. If you do otherwise, then you allow your system to be abused by any malicious individual anywhere in the world who happens to discover your system is functioning as an open proxy. And there are many people who search for open proxies, so the likelihood is very high that your system will be discovered. And some individuals and organizations post the list of open proxies they find for others to use.

Software to test for open proxies, such as pxytest is freely available. Pxytest requires Perl, which is available on most Linux or Unix systems. There is also a free version of Perl, ActivePerl, which is available for Windows, Linux, Mac OS X, and Solaris systems.

If you leave it accessible to anyone then those wishing to conduct illegal activities, but hide themselves from law enforcement personnel may use your system to route their activites through your system. If the illegal activity is discovered it will be traced to your system. So you may find yourself arrested and your system confiscated, if you don't take prudent measures to limit access to the proxy server services on your system. You might eventually be able to convince law enforcement personnel that you aren't the real culprit, but that is not assured, and even if you are successful it may take some time to convince them.

So how do you limit access to the proxy server serivices? If you are running Windows XP, then you have a built-in firewall. If you don't have Windows XP Service Pack 2 installed, then, unless you have specifically turned on the firewall, it will be off. If you have Service Pack 2 installed, it will be on by default. If it is not on, turn it on. If you are using another Windows operating system, install firewall software. For information on how to add firewall rules for the Microsoft Windows XP firewall software from the command line, see Adding Firewall Rules to a Windows XP Professional System via the Command Line.

To configure the Windows firewall, take the following steps:

  1. Click on "Start", "Control Panel", and double-click on "Windows Firewall". Under "Programs and Services", you should see proxy listed.

    Windows Firewall programs and services

  2. Click on proxy to select it and then click on the "Edit" button.

    3. Windows Firewall edit proxy

  3. Then click on the "Change Scope" button.
  4. Click on "Custom list" and put in the addresses to which you want to grant access to the proxy server services. If you have more than one IP address, separate them with commas. If you want to grant access to a subnet, i.e. a range of addresses, put in the subnet followed by a slash and the subnet mask. E.g. to grant access to all systems from 192.168.1.0 to 192.168.1.255, you could use 192.168.1.0/255.255.255.0. The 192.168.1.0 specifies the subnet and the mask of 255.255.255.0 indicates, since the last octet is zero, that the range extends from 0 to 255, the highest possible number in an IP address.

    5. AnalogX Proxy - Windows Firewall change scope

  5. Then click on "OK" and "OK" again at the "Edit a Program" window, followed by clicking on "OK" again at the "Windows Firewall" window. Now even if the AnalogX Proxy program displays its warning message about running in an open state when you start it, you have limited access to it to specific IP addresses.

You may also want to change the ports that AnalogX listens on. Anyone searching for an open AnalogX Proxy server will check for systems listening on the default ports used by AnalogX. You can change those ports. The procedure is described below for changing the http port used for Web connections, but is similar for the other proxy ports as well.

  1. First make sure AnalogX is not running You can stop it by right-clicking on its icon in the system tray, if it is running, and choosing "Exit". If it is running when you change a listening port with the registry editor below, then AnalogX Proxy will reset the port to the default port when it closes and so any changes you make will be lost.
  2. Run the registry editor by clicking on "Start", then "Run" and typing "regedit" and hitting return.
  3. Browse to the HKEY_CURRENT_USER\Software\AnalogX\Proxy key and click on it.

    Registry editor - AnalogX Proxy keys

  4. To change the port the service uses, double-click on it in the right pane. E.g. to change the HTTP proxy port, double-click on "HTTP Port".

    Registry editor - AnalogX Proxy keys

  5. By default, the contents of the field, i.e. the "value data", is displayed in hexadecimal. Most people will feel more comfortable working with decimal values, so may want to click on "decimal" to convert the hexadecimal value to its its decimal equivalent of 6588. You can then put in whatever alternative port you want. You shouldn't use a number less than 1024, since the ports 0 to 1023 are considered to be "well known ports", i.e. assigned for specific known purposes. You can go up to 65,536. Click on "OK" when you have put in your new value.
  6. You can then close the registry editor by going to "File" and choosing "Exit".
  7. You will need to close the AnalogX Proxy program and restart it for the changes to take effect.

If you want AnalogX Proxy to start automatically when the user logs on, run the registry editor and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Click on "Edit", then "New" and select "String Value". Change the name to "AnalogX Proxy" or whatever you like. Then double-click on the key name you just picked to modify the value of the key. For "Value data" put in the path to the proxy executable file, e.g. "C:\Program Files\Proxy\proxy.exe".

Registry editor - AnalogX Proxy run

References:

  1. Reg Command - AnalogX Proxy Settings
    MoonPoint Support
    October 29, 2006
  2. Adding Firewall Rules to a Windows XP Professional System via the Command Line
    MoonPoint Support
    December 1, 2005