Best Proxy Practices (BPP!) and an update
I just want to make a quick post about best practices when running a proxy to help those on the ground in Iran get access to social networks, the outside world, and their families. It is ABSOLUTELY IMPERATIVE that this be a secure effort that is thought out and executed in the safest possible manner.
As a general rule, and I know I didn’t point this out in the original guides, all proxies should be setup with the following options in the Squid config file:
* Blocking of IRI government ipblocks 
* Allowing of Iran ipblocks 
* 10 random chosen inbound ports
* CONNECT support
* No X-Forwarded-For headers
* No client stats
* Logging to /dev/null
* Turn SSL off — it’s blocked from Iran anyway
If you’re running a proxy already, please change these settings. If you’re running a proxy on a default port (81/8080/8181/9090/3218) then change the port and shoot me off an e-mail at [email protected]
I will post a sample configuration file, as I know there have been a lot of concerns.
Also, I want to say sorry for not being able to respond to all the tweets and e-mails yet, although I’m going as fast as possible given all the other pressing demands! I’ve got thousands of emails to sort out, and the outpour of support and people helping out has been amazing. Together we’re capable of doing amazing things so thank you to everyone who is helping make a difference.
Thank you. Thank you. Thank you.
 Based on ripe data found on RIPE
 Based on Country IP data found on CountryIPBlocks
- How to setup a proxy for Iran citizens
- How to setup a proxy for Iran citizens (for Windows!)
- How to setup a proxy for Iran citizens (Virtual Machine Disk Format!)
- Working Iran Proxy List
- How to setup a proxy for Iran citizens (for Mac!)