

Show HN: GoPee – Simple, Self-Hosted Web Proxy in Go - madhurjain
https://gopee.herokuapp.com/

======
mkr-hn
Might not be the best of names.

~~~
madhurjain
@mkr-hn I understand. But, just check the site title if you haven't already.
Maybe that would help see it from a different angle ?

~~~
Stratoscope
To be honest, I've never actually thought about peeing on my ISP.

But the single most enjoyable experience I've ever had peeing was at Martin's
West in Redwood City.

They have an old-fashioned long tray shared urinal like we had in
kindergarten, but thankfully I was there early and had the whole thing to
myself. And they had just filled the entire tray with crushed ice!

If your aim is good, you can make any pattern you want. I tried for the
Mandelbrot but only got a few spirals going. But man, was it fun!

What did you say your open source project does again?

------
madhurjain
Minimal, Web proxy written in Go.

Can be self-hosted on Heroku, Red Hat OpenShift or any VPS / Cloud provider.

more details here
[http://madhurjain.github.io/gopee](http://madhurjain.github.io/gopee)

~~~
deftnerd
Great start. Your two known deficiencies are pretty big right now:

* Doesn't support anything which requires sessions / cookies / logging in, yet

* Most AJAX requests don't work since the URLs are not rewritten

Don't stop working on it! This is a pretty great project.

~~~
nacs
Other issues:

* It's leaking a lot of information (Google Analytics and a few other domains are being connected to directly instead of going through proxy). This is probably the biggest thing to fix. Offering a "strip all scripts" option may help.

* Useragent is set to Go's default. Forwarding the user's user-agent or better yet, a stock browser useragent (Firefox or something) may be better

~~~
zeendo
That first issue isn't really generally fixable, is it? At least, not for a
web-based proxy like this.

SOME effort could be made to rewrite URLs found inside of Javascript but that
might be a terrible idea in practice.

~~~
nacs
If you're allowing Javascript then it'd be tough but if scripting is stripped
it should be doable.

For anonymizing, stripping Javascript, Flash/plugin content would be essential
I think.

------
nfriedly
Nice! I wrote something similar in node.js a while back; so far it's gotten me
banned from Heroku and nodejitsu :p

~~~
saganus
Why did it got you banned on those services??

~~~
nfriedly
On Heroku, someone reported my site as being infected with malware that stole
peoples Facebook passwords. Heroku took the site offline and notified me. I
explained that it was just a web proxy and that there was no malware or stolen
passwords. A week or two later they emailed me that I was correct, but they
were going to keep my site offline and change their TOS to forbid proxy sites.
(As far as I know they never did change their TOS, so GoPee should still be
safe.)

On Nodejitsu, someone tweeted links to porn that went through my proxy, and
they disabled the site thinking that I was using their service to host porn.
The CEO told me that they'd turn it back on if I added user accounts and a way
to ban users. But at that point, I had a newborn son and was in no mood to put
a bunch of development work into making my anonymous proxy not-so-anonymous.

So, right now, it's still offline. The source is at
[https://github.com/nfriedly/node-unblocker](https://github.com/nfriedly/node-
unblocker) if anyone's interested.

------
daviddoran
I think a slightly more practical approach would be to make an easily self-
hosted web proxy with an accompanying Google Chrome (or other) extension that
can rewrite all network requests.

------
aosmith
I wrote something like this a while back:

[https://github.com/aosmith/go-proxy](https://github.com/aosmith/go-proxy)

~~~
nacs
Goals are quite different however. Your project is more of a raw socket
forwarder while OP's project attempts to be an anonymizing content proxy.

------
lawnchair_larry
I get where "Go" comes from, obviously, but I'm confused about "Pee".

~~~
c17r
My guess would be "Pee" = "P" = "Proxy"

------
milankragujevic
Another issue is that forms don't work.

~~~
madhurjain
doh! Issue logged. Will fix it. Thanks!

~~~
nacs
As someone that has worked on a similar project before -- I should caution you
that allowing POST requests and such can open up a lot more potential for
abuse (comment spammers, web-mail spam, etc) so you should add some rate
limiting per-visitor-IP/target-domain or something similar before implementing
this.

~~~
madhurjain
right.. thanks for the heads up ! But since it's a self-hosted solution, it
would be very easy to just circumvent the rate-limiting and use it for
malicious purpose ?

~~~
nacs
Right, if your goal is privately hosted/accessible instances then it shouldn't
be a problem. Just mentioning in case the goal is to offer it as a public
service as it is at your main domain.

