Change your IP Address by setting up your own proxy server

This page describes the process I use to set up a proxy server, which is an easy way to change your IP address on Internet Explorer, Firefox, and other web browsers. However, I only recommend these DIY instructions for the tech savvy. I've done my best to simplify the process, but you should be prepared for some tedious work and possible troubleshooting if you've never worked with Linux commands before.

Step 1: Confirm that you want to install a proxy

I usually suggest setting up a VPN rather than a proxy for purposes of changing your IP address - listen to my reasons why in step #1 here. However, if you have a particular software/program that is only compatible with proxies, instructions for configuring a private proxy are provided below.

Step 2: Find and register a "virtual private server"

KEY RECOMMENDATION: In the video below, I recommend a VPS service called VR.org. However, since making this video, many other high-quality providers have come along. Here's a partial list: VR.org, DigitalOcean.com, Vultr.com, Linode.com, Ramnode.com (these are all good companies, and I don't receive any compensation for saying so). You'll want to make sure you find a VPS provider who offers servers in your desired location (that may require some Googling). Ideally, your host's control panel will allow you to start/stop and reinstall the VPS independently (without contacting their customer support).

KEY POINT:   Whether you use the recommended host or any other, be sure to choose Linux "Debian" as the operating system (even if your home computer is Windows or Mac).

Step 3: This step is for Windows PC users only

KEY POINT:   Mac users skip this step. Windows/PC users, download PuTTY.exe from this link (feel free to run a virus scan on it). Then double-click the downloaded file to run the program.

Step 4: Log in to your server

Click here for Windows/PC instructions | Click here for Mac instructions

Step 5: Install the proxy onto your VPS

If you completed the steps on the previous page successfully, you're now logged into your VPS via SSH. You should see a command prompt and cursor. At that prompt, type the following:

apt-get update [Then hit "Enter"]

apt-get install squid   [Enter]

After typing the above command, you'll see a bunch of output, and then be asked "Is this ok [y/N]". Type an uppercase "Y":

Y   [Enter]

You'll see more output, and then something like "Restarting Squid" or "[OK]".

Believe it or not, you've just installed a proxy server. Unfortunately, most of our work will lie in converting it into a "highly anonymous" proxy server (one that does not reveal your actual IP address).

Before we start changing Squid's settings to make it anonymous, let's back up the original file by typing:

cp /etc/squid/squid.conf /etc/squid/squidbackup.conf   [Enter]

Tip: you can copy these commands with ctrl+c, and then paste into PuTTY with shift+Insert (NOT ctrl-v)

If you get any errors, you'll need to do some troubleshooting (check the instructions above, start over, or get some professional help on a site like Freelancer.com).

We're now going to use a text editor called "Nano" to work with the configuration file. Type:

nano /etc/squid/squid.conf  [Enter]

The Nano text editor will appear with the contents of the Squid configuration file showing. You can use the up and down arrows to navigate through the file.

NANO SKILLS [read completely - you'll need this info for the rest of the page]:
1] To navigate through the file in Nano, use the arrow keys (left, right, up and down keys).
2] To search/find text (or lines of text) using Nano: type ctrl-w, enter the text to search for, and hit enter.
3] To delete characters in Nano, use the back-arrow, or the Delete key.
4] To paste text into Nano, ctrl+v won't work. Instead, type "shift+Insert", or click your right mouse button.
5] If you get stuck, hit Ctrl+x, don't save changes, and start over with "nano /etc/squid/squid.conf"

Using the above skills, I'd now like you to make the following changes:

FIRST, FIND THIS LINE: "# forwarded_for on"   (not including the quotes)

forwarded_for off

For these instructions, don't enter any of the number signs (#) like you might see on the other lines.

NEXT, FIND THIS LINE: "#Recommended minimum configuration per scheme:"
BELOW IT, INSERT THE FOLLOWING LINES (remember, you can copy/paste):

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm MyPrivateProxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Remember: you can copy all that with ctrl+c, and then paste into PuTTY with shift+Insert (NOT ctrl-v)

FIND THE LINE THAT INCLUDES: "TAG: header_access"      (if you don't see it, skip to next step)

header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access All deny all

If you didn't find the text in the previous step, then do this:

FIND THE LINE THAT INCLUDES: "TAG: request_header_access"

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access Cookie allow all
request_header_access Set-Cookie allow all
request_header_access All deny all

Using your favorite (most commonly used) web browser, go to www.whatsmyuseragent.com and copy the text after "Your User Agent:".


header_replace User-Agent YourUserAgent   (where YourUserAgent is the "User Agent" from above)

Make sure the entire entry appears on one line.

Note: for increased privacy, you could use a slightly different useragent (e.g. a different version). If you prefer that, search Google for "common useragent strings".

NEXT, FIND THE LINE THAT INCLUDES: "And finally deny all other access to this proxy"

http_access allow ncsa_users


acl ncsa_users proxy_auth REQUIRED

With your favorite web browser, go to www.ipchicken.com and copy the number after "Remote Port:". While this changes all the time, it will give us a rather random value to use as your proxy Port that is not likely to be found by port scanners.

FIND THIS LINE: "Squid normally listens to port 3128"

http_port ####    (where #### is the port number from above)

If you're going to be using your private proxy from remote locations, feel free to choose an easier-to-remember port number, something between 1000 and 9999. I try to avoid the common proxy ports, which are 3128, 8080, and 8888.


# http_port 3128    (just put a number sign in front of it)

Next you'll need to enter a hostname for Squid to broadcast. If you're comfortable using a domain name, then use that (e.g. "http://www.yourwebsiteurl.com"). That looks more "legitimate". If you want to increase privacy a bit, then just use your IP address.

Scroll to the bottom of the configuration file in Nano (use ctrl+v to scroll down), and enter a new line:

visible_hostname XXXX    (where XXXX is the hostname from above)

[OPTIONAL STEP] Did your VPS account come with more than one IP address? If not, you can skip this step. But if so, you'll want to create separate connections for each IP. This way, connecting your browser to IP#1 will make your IP appear to be IP#1, connecting to IP#2 will give you proxy IP#2, and so on.

So, let's assume you have 3 IP addresses. You can add more lines to the entries below to accommodate more IPs, or remove the 3rd line from each if you just have two IPs. And again, if you only have one IP, then ignore this step.

For demonstration, we'll assume your three IP's are: / / and


acl dstip1 myip
acl dstip2 myip
acl dstip3 myip

Be sure to replace the last numbers with your own IP addresses.

NOW, FIND THE LINE THAT INCLUDES: "tcp_outgoing_address"

tcp_outgoing_address dstip1
tcp_outgoing_address dstip2
tcp_outgoing_address dstip3

[OPTIONAL] By default, Squid logs all surfing activity for review. If you want to disable logging, do this:

FIND THIS LINE: "access_log /var/log/squid/access.log squid"

...CHANGE IT TO: "access_log none"   (don't include the quotes)


#access_log ...

Now, we want to save the configuration file and close it. Type ctrl-x, and then confirm the Save with "y":

y   [Enter]

Now, let's see if your VPS has a firewall running. Type:

iptables -L   [Enter]

If all you see is 6-10 lines like the image below shows, then skip to the next step (next horizontal line).

If you see any more than that, then let's add a rule to make sure our proxy can connect through the firewall. In the commands below, replace #### with the port number that you set up in the Squid configuration as "http_port":

iptables -I INPUT 2 -p tcp -m tcp --dport #### -j ACCEPT   [Enter]

iptables -I INPUT 2 -p tcp -m tcp --sport #### -j ACCEPT   [Enter]

iptables-save > /etc/iptables.rules   [Enter]

iptables-restore < /etc/iptables.rules   [enter]

If you ever reboot your VPS server (or if the provider reboots the entire server), you may need to run that last command (iptables-restore < /etc/iptables.rules) again.

Now, we need to prevent the entire world from using your proxy. The most flexible method of doing this is with usernames/passwords. First, we need to install another package:

apt-get update   [Enter]

apt-get install squid squid-common apache2-utils   [Enter]

That will all take a minute or two to install. Then, let's create a file for storing login data:

touch /etc/squid/passwd   [Enter]

Now, choose a username that you'll remember. Let's assume you chose "user1" as your username. Type the following:

htpasswd /etc/squid/passwd user1   [Enter]

It will then ask you to enter a password twice. Do that (you will not see the characters as you type). Be sure to write down the password so you'll remember.

Tip: You can add more users anytime using this same method above. And to change a user's password, simply enter the same command again and you'll be prompted for that user's new password.

Now, type the following to make sure that Squid can read the file of usernames/passwords:

chown root:proxy /etc/squid/passwd [Enter]

Only if you get an error about invalid user, then do this also:

chown root:squid /etc/squid/passwd [Enter]

And in either case, follow with this command:

chmod 640 /etc/squid/passwd  [Enter]

Okay, let's (re)start the proxy server. Since it is probably already running, do this:

/etc/init.d/squid restart   [Enter]

Even if the proxy's not running, the "restart" command will start it.

If all was configured correctly, you should get a message that says something like "Starting squid [ok]". To confirm that Squid is running, type this:

ps aux | grep squid   [Enter]

Do you get like 4-8 lines of output? If so, congratulations! You can proceed to configure your browser in the next step.

If you only see 0-2 lines, something's wrong (troubleshooting time).
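
For troubleshooting, here is an added example (not part of the original instructions) that audits a squid.conf for the settings configured in Step 5: forwarded_for off, an authentication rule placed before the final "deny all" (Squid applies the first matching http_access line), and a non-default port. The function name audit_squid_conf and its output tokens are made up for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a squid.conf for the
# settings this tutorial configures. One token per problem; no output = pass.
audit_squid_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # ignore comments and blank lines
        $1 == "forwarded_for" { fwd = $2 }
        $1 == "http_port"     { p = $2; sub(/^.*:/, "", p); ports[p] = 1 }
        # remember auth ACLs so a rule only counts if its ACL was defined first
        $1 == "acl" && $3 == "proxy_auth" && $4 == "REQUIRED" { authacl[$2] = 1 }
        $1 == "http_access" {
            n++                                       # position in first-match order
            if ($2 == "allow" && ($3 in authacl) && !auth) auth = n
            if ($2 == "allow" && $3 == "all")              anyall = 1
            if ($2 == "deny"  && $3 == "all" && !deny)     deny = n
        }
        END {
            if (fwd != "off")                print "forwarded_for_not_off"
            if (!auth)                       print "no_auth_rule"
            if (auth && deny && deny < auth) print "auth_rule_after_deny_all"
            if (!deny)                       print "no_final_deny_all"
            if (anyall)                      print "allow_all_present"
            split("3128 8080 8888", common, " ")
            for (i = 1; i <= 3; i++)
                if (common[i] in ports) print "common_port_" common[i]
        }
    ' "$1"
}

# Constructed sample: the right lines are present but in the wrong order.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# forwarded_for on
http_access deny all
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_port 3128
EOF
audit_squid_conf "$sample"
rm -f "$sample"
```

On the real server, run audit_squid_conf /etc/squid/squid.conf; no output means every check passed.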

Step 6: Configure your browser to surf via the proxy

IMPORTANT: Copy/paste the following instructions to a file on your computer (just in case you lose your Internet connection to this site). If you do lose connectivity, refer to the instructions to disconnect from the proxy.

We will now configure your favorite browser to use your new proxy IP address. Choose your browser:

Internet Explorer | Firefox | Safari | Chrome | Other Browsers and Programs

Step 7: Clear your browser cookies!

Websites often track activities by using cookies. If you change your IP address (activate or deactivate a proxy connection) and then start surfing without clearing your cookies, websites may easily detect you.

Internet Explorer | Firefox | Safari | Chrome

Step 8: Test your IP relay

Use any of these websites to confirm that you've changed your IP and your proxy is "anonymous":

  1. http://www.iprivacytools.com/proxy-checker-anonymity-test/ (you should see message "no proxy detected" at the top)
  2. http://www.spyber.com/ -- scroll down to "Proxy IP Address Detection"... It should say "no proxy detected"
  3. http://www.linksmile.com/anon-proxy-checker.php -- scroll to "Anonymous Proxy Test"
  4. http://www.ip-adress.eu/ -- look for "no proxy detected"
  5. http://whatismyipaddress.com/ -- make sure nothing appears near "Now detects many proxy servers"

If all the sites displayed your new IP address, and none detected a proxy server, then CONGRATULATIONS!

If you've found any errors in these instructions, please let me know!