Tinyproxy is a light-weight HTTP proxy daemon for POSIX operating systems. It is distributed using the GNU GPL license version 2 or above, so we can download it and install it on our Linux server freely.
Tinyproxy is a light-weight alternative for the well known Squid proxy server. It’s really memory efficient so it will run perfectly fine in small VPS (Virtual Private Server) and being used for several users. Several features of Tinyproxy are:
- Small footprint: Tinyproxy requires very little in the way of system resources. The memory footprint tends to be around 2 MB with glibc, and the CPU load increases linearly with the number of simultaneous connections (depending on the speed of the connection). Thus, Tinyproxy can be run on an older machine, or on a network appliance such as a Linux-based broadband router, without any noticeable impact on performance.
- Minimal requirements: Tinyproxy doesn’t require anything more than a POSIX environment to build and operate. It can use additional libraries to add functionality though.
- Easily modified: If you’re looking to build a custom web proxy, Tinyproxy is very easy to modify to your custom needs. The source is straightforward, adhering to the KISS principle. As such, it can be used as a foundation for anything you may need a web proxy to do.
- Anonymous mode: Allows you to specify which HTTP headers should be allowed through, and which should be blocked. This allows you to restrict both what data comes to your web browser from the HTTP server (eg., cookies), and to restrict what data is allowed through from your web browser to the HTTP server (eg., version information).
- Remote monitoring: Using the remote monitoring feature, you can access proxy statistics from afar, letting you know exactly how busy the proxy is.
- Load average monitoring: Tinyproxy can be configured to watch the load average on most platforms, and start refusing requests when the load reaches a certain point. You may recognize this feature from Sendmail.
- Access control: You can configure Tinyproxy to only allow requests from a certain subnet, or from a certain interface, thus allowing you to ensure that random, unauthorized people will not be using your proxy.
- Secure: With a bit of configuration (specifically, making the log file owned by nobody and running it on a port > 1024), Tinyproxy can be made to run without any special privileges, thus minimizing the chance of system compromise. Furthermore, it was designed with an eye towards preventing buffer overflows. The simplicity of the code ensures it remains easy to spot such bugs.