FoxyProxy Add-on Is Nice

I’ve successfully added i2prouter to the RockPro64 / Armbian Buster, and configured FoxyProxy. All in about an hour (most of it fooling around learning FoxyProxy).

FoxyProxy makes the whole “browser configuration” issue MUCH easier. I’ve done NONE of the “about:config” stuff I had to do before, and yet it is working just fine.

First thing for me to learn was that FoxyProxy is an Add-On, not some standalone program, so you just add it at the mozilla add-on site “in the usual way”. (Not sure yet how to add it to Chromium, but there is a way…). Then you configure it.

Web searches for how to configure it were not all that helpful. In the end, some “directed guessing” along with “just trying things” worked best.

I got it from here:

Once I’ve also added it to Chromium I’ll detail that process as well.

There’s also some guidance here:

Where they spend a fair amount of time trying to sell you their VPN service too…

This site was quasi helpful, but is all about how to configure it to use their VPN service:

After getting a few such sites, even on searches restricted with “i2p” or “i2prouter”, I decided to just go for it.

So install the add-on by clicking on the install button. Then an orange meatball thing appears at the far right near the hamburger hash in your browser bar. Click on it, and you get the configuration entry. Click on “options” and you enter the add configuration / set up page.

Add Proxy Server Page

Add Proxy Server Page

Click on the image to embiggen…

At the upper left is the “add” button to add filter / proxy configuration lines.

When you get here, there will only be one of those green lines. It will have “*” as the selection filter and accepts all URLs and sends them on their way. Also note that the line just above those green lines where it says “Use Enabled Proxies By Pattern And Order” will instead say something like “Turn Off Use Firefox Settings”. Nothing will happen until you change it to “Use Enabled Proxies By Pattern And Order”. Until then, FoxyProxy is just a No-Op.

You can see that I’ve added some “green lines” (Proxies) but the top one is shut off (far right, grey radio button). That’s one I added while I was trying to figure things out, but have now shut off. I’m leaving it there in case some day it is useful.

Notice, too, there are 2 labeled with “Clear”* as their names. At first I’d only added the one saying “HTTPS/SSL”. Those two rules send HTTP and HTTPS traffic to the Clearnet (regular internet). I “had issues” with an error message that FFox was not letting me go to sites as their SSL cert return was all wrong. It took me a while to figure out that “something” in the SSL Cert validation needed an HTTP port out and was NOT using HTTPS. Seems wrong to me that authentication would need any non-encrypted port, but ‘whatever’. I added “*” wild card (no *.i2p filter) to an HTTP proxy line and it fixed that.

So what we have here are 4 rules. 2 for Clearnet and 2 for i2p network, one each HTTP and HTTPS. But I’ve shut off the HTTPS one for i2p as, in theory, it does not use HTTPS since things are already encrypted inside the tunnels. IFF I ever need that for some reason, it’s one “click the grey radio button” away from activation.

You will need to add these lines / edit the one that is there.

So what do these filters look like? Pretty simple, really:

FoxyProxy HTTP Clearnet

FoxyProxy HTTP Clearnet

Here’s the filter for the HTTP Clearnet filter. Upper right, HTTP is chosen for “Proxy Type”. The other Clearnet filter is identical other than that it has “HTTPS” as “Proxy Type”. There are also choices for “Direct No Proxy” which was the original setting and SOCKS and some others. I have a Squid proxy running so chose to point at it instead of at “Direct No Proxy”. So choose direct or enter the IP and port for your proxy server. Click “Save and edit patterns” and you get to choose what to filter in and out.

Clearnet pattern filter

Clearnet pattern filter

This is the same for both the Clearnet HTTP and Clearnet HTTPS proxy lines, so only one picture, but you get to make two of them.

First off, notice it is “white list” first, then “Black list”, but the black list rules are applied first, then any whitelist items are allowed out. So notice that first filter say “*” or “anything at all” gets here, let it out the regular way (my proxy server, or direct to internet if you chose no proxy server).

Then we get to the black list. Before something can get to that “let it go” filter, it has to be the HTTP type (or the HTTPS type for that other proxy line) and then these 4 lines get applied.

The first three, horridly complicated pattern matching “regular expression” code, you get “automagically” if you click that nice little orange “add” ‘radio button’ just above the red CANCEL button. These are necessary so that when you try to connect to the i2p router console at ‘localhost’ or, you can get to it and NOT be sent out to the internet…

Just below that is the line you add by finding the OTHER “add” button labeled “New Black” next to the blue “save” button. IF you click the simple “add” button again, you will get ANOTHER 3 lines of mush for a total of 6 and need to click “cancel” and start over. (Don’t ask… but you can now speculate about why I got the first 3…)

I didn’t bother naming this pattern, but put in “*.i2p” which says “ANYTHING.i2p” or any URL ending in the .i2p qualifier, does NOT get sent out to the clearnet, regular internet.

Click save and move on.

So at this point we ought to have a browser that works just like normal. Next we add a line to send the “*.i2p” traffic to the localhost i2p router:

i2p Proxy Line

i2p Proxy Line

This is the HTTP one that is necessary. The only difference with the HTTPS one for i2p that is shut off is that HTTPS proxy name. Notice that this points to Localhost or as the proxy server and uses port 4444 to connect. (Remember you can click and open the image for a bigger one ;-)

Then here are the settings for it (click on the same ‘Save and edit patterns’ button as before):

i2p Proxy Filter Settings

i2p Proxy Filter Settings

You add the same long complicated 3 lines in the Black List at the bottom with the same cute little “add” button. They most likely are not needed for this rule as only things ending in .i2p are accepted by it anyway, but what the heck, I left them in as “Belt and Suspenders”. That’s it for blacklisted.

On the Whitelist you put the “*.i2p” filter to allow all the URLs ending in .i2p to take the i2prouter proxy to the i2p network. That’s it. Save and exit.

At this point, with no other FireFox configuration, I get to the regular internet (Clearnet) for all the usual stuff, but any .i2p URL lands me on the i2p network. VERY nice. Plus, my i2p router console is visible in the same browser as an HTTP:// tab.

I’m pretty sure all I’ll need to do to add the Tor browser (other than install the browser and add the FoxyProxy add-on…) is to add .onion to the exclusions for Clear and Clearnet rules, make a rule with .onion going to the Tor Proxy Server, and that ought to be it.

So I’m off to that next.

Once that is done, I ought to be able to just leave a Tor router, i2p router, and maybe even some others eventually… running and ready. Then just let FoxyProxy choose the network for me based on URL I use.

Similarly, a VPN service can be configured and used only for some URLs / traffic. (So, for example, I’d not run my ROKU TV through a VPN, but other sites? Sure…)

Very Nice.

So next up is do the same thing with Chromium, add the Tor browser and router, and take it all for a test drive.

I’m really happy with how much easier FireFox configuration is using FoxyProxy when compared to admin:config and such.

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits. Bookmark the permalink.

4 Responses to FoxyProxy Add-on Is Nice

  1. another ian says:

    Sort of fits here

    Might be of interest – 2021 update

    “Alternatives to Google Products for 2021”

  2. pgsharrow says:

    Well that bites, Windows machine won’t boot up windows. So I had to piece back together this old Pi-3B to get on line. We think we have a corrupted Windows boot sector. PG&E was playing games earlier this afternoon. Man, this old thing is slow compared to the optiplex780.

  3. p.g.sharrow says:

    The Optiplex healed it’s self last night after several hours of scan repair. guess I’m spoiled as that Pi3 was so slow in comparison…pg

Comments are closed.