Managing Proxy Authentication and Exclusion List

February 28, 2013 10:45 pm Leave your thoughts

A lot of companies have implemented firewalls and closed off direct external internet access for security reasons. This results in developers going through proxy servers (internal to the company) in order to access external websites.

Normally, these proxy server can be configured through the OS global configuration or through individual applications. These ways are okay until you have to maintain exclusion list. For example: if you are developing a site using virtual hosts and the host file, you wouldn’t want to go through the proxy server when accessing these addresses, because it’s not going to work.

Some of the instructions following will be for Ubuntu Linux, but you can easily adapt those for other flavor of Linux, Windows or OSX; courtesy of open source software.

Centralised Proxy Configuration

First we need a software to centralised our configuration. For this we use, CNTLM. This is almost like having another local proxy server running on your machine taking care of the inbound/outbound proxy server connection and authentication while maintaining exclusion list.

To install this you can either:

  • Sudo apt-get install cntlm


  • Go to the official website and download the source
  • Extract the archive
  • Make
  • Sudo make install

Installation is pretty simple.

After CNTLM is installed, you will then need to configure the proxy server that it suppose to connect to, including the authentication details. The great thing is, you won’t have to save your authentication in plain text since CNTLM saves them in hashes.

So to configure:

Open the configuration file:

Update your:

  • Username
  • Domain
  • Proxy (enter your proxy server IP here)
  • NoProxy (enter your exclusion list here)
  • Then save the configuration file

After the configuration above, it’s time to enter your credentials

You will get something like:

Copy and paste the three hashes into the cntlm.conf and you are set to go.

Start cntlm by running:

The first command with -fv tells cntlm to run on foreground with verbose mode. I tend to use that since I will be able to see any errors that might come up.

By default your proxy will run at http://localhost:3128

Apt proxy configuration (debian/ubuntu)

Next up is the apt configuration. This is important if you want to be able to apt-get install something via the proxy.

So open up /etc/apt/apt.conf

Add your proxy configurations and save

Wget Configuration

In addition to the above, sometimes you will also need to add your local proxy address into the wget configuration to get command line wget to work.

So open up /etc/wgetrc and modify the proxy sections to use our localhost:3128 configuration.

When done with the above, it should help a bit with managing your proxy authentication and exclusion list.

Tags: , ,

Categorised in: ,