Do I need to take any specific security measures when using Proxy Manager?

Support Account
Support Account
  • Updated

It is important to ensure that Proxy Manager is only accessible when working either in environments that are strictly under your control or via a secured connection such as VPN. In addition, if installed on a remote server, it is best to:

Block unwanted sources from using the Proxy Manager's ports

Whitelist IPs on all your ports inside the Proxy Manager to ensure usage on those ports is only from allowed and wanted sources. While this feature is enabled, only the listed IPs will be allowed to send requests through the port with this configuration. Using this feature will ensure the bandwidth you pay for is consumed only by trusted sources.
See example below how to add whitelist IPs for specific port:

Block unwanted users from editing the Proxy Manager settings

Whitelist admin access to ensure only authorized IPs can perform changes to your Proxy Manager settings. This will block the admin page and the Proxy Manager's API when it is accessed from outside the server (where the Proxy Manager is hosted) from IPs which are not whitelisted.
See example below how to easily add IPs to whitelist in General Settings:

See example below, how to add whitelisted IPs to access the admin UI directly from the config file:

Authentication using token

If you are using multiple crawlers with changing ips to send requests to remote Proxy Manager server you will need to generate a token to use for authentication on the Proxy Manager:

  • Run Bright Data process from inside the server
  • From the Proxy Manager's server run in terminal/command line:
    curl -X GET "" -H "accept: application/json"
  • You should be seeing the token response:
    "token":"TOKEN STRING"

After generating a token you have two options: either use the token to whitelist the new IP once when the crawler server is set up or include the token in the proxy auth of each request:
To make requests use the token in the proxy auth use username "token" and the actual token as the password, for example:

  • curl -x token:TOKEN_STRING@

To whitelist your new server IP so you don't need to send it in proxy auth:

  • Copy the token from Proxy Manager server to new crawler server
  • Make this request from your new server:
    curl [REMOTE_SERVER_IP]:22999/api/add_wip -X POST -H "Content-Type: application/json" -H "Authorization:[TOKEN_STRING]" -d '{"ip":"[CRAWLER_IP]"}'
  • Your crawler ip is now whitelisted on the Proxy Manager

NOTE: this will not give access to the Proxy Manager's admin panel but only to send requests through the ports

Local network

If you want to access Proxy Manager from a network where many people share the same IP then whitelisting IP is not strong enough for you. By whitelisting your IP you are giving an access to all the people from the same local network (corporate environments often look like that).
Use local_login flag and Proxy Manager will require authentication from each browser separately and a newly generated token will be stored in the cookies.

pmgr --local_login
Share this

Was this article helpful?

0 out of 0 found this helpful