Using The Cloud To Access Location Restricted Services

Many cool services such as Pandora, Spotify, BBC iPlayer and Netflix are restricted to users in the US or UK.

There are a number of ways to get around this problem, the most reliable of which is probably to pay for a US/UK based proxy or VPN server. There is at least one free (for a while) way to access such services, which I will describe here.

The method I’m going to describe involves setting up a machine in the cloud, installing a proxy server on the machine and setting up your local machine to use the proxy.

AWS Instance Setup

Sign up for an Amazon Web Services account (you will need a valid credit card and telephone number). Read about the conditions of the free usage tier.

Once you’ve signed up and verified your identity (telephone number), log into the AWS console. At this point you’ll have to choose whether you want a US or an EU based instance. Select your desired location from the Region drop down menu in the top left corner.

Select the Instances page from the menu on the left and hit the Launch Instance button. I’ll describe how to set up an Ubuntu instance, since this is what I did. Select the Community AMIs tab. You’ll need to search for the appropriate AMI as defined on this page (i.e. ami-379ea943 for EU or ami-1aad5273 for US-East). Make sure whatever AMI you choose is eligible for the free usage tier. Click the Select button next to the AMI. Make sure that the Instance Type is Micro and click Continue. Click Continue again, then give your instance a name and Continue.

Create a new Key Pair and make sure to download it (let’s call it key_pair.pem), then Create a new Security Group and make sure that you specify a port (lets call it the http_port) for the proxy server to listen on. You could use a port commonly used for something else to avoid any suspicion if someone scans your instance. They aren’t likely to suspect that you have a proxy running on port 8080 for example. You’re also going to need to open port 22 for ssh access. To open these ports, simply enter the port number in the Port range text box and click Add Rule.

Finally, review your configuration and click Launch. After a few seconds your instance will be up and running. Select your instance and take note of the public_dns in the Description pane below. You’ll use this URL to connect to your instance.

Squid Configuration

Connect to your instance from the command line as follows.

ssh -i /path/to/key_pair.pem ubuntu@public_dns

You may need to set the permissions on your key file (i.e. chmod 600 key_pair.pem).

By default, the normal Ubuntu software repositories aren’t enabled, so you’ll have to edit /etc/apt/sources.list and uncomment all the repositories and then do a sudo apt-get update.

We’ll use Squid as our proxy server. Install it as follows.

sudo apt-get install squid

As mentioned here, well need to configure the port on which squid listens. We do all the squid configuration in the config file located at /etc/squid/squid.conf.

Change the listening port by setting the http_port directive in the config file (the default is 3128) to the http_port security rule you created during your instance configuration.

Squid Access Control

It’s unlikely that you want your instance to be a public proxy for all client hosts and destination servers, so you’ll want to implement some kind of access control. This can be done in many ways, but basically you can limit access by src IP, destination domain (dstdomain) or by requiring username/password authentication (e.g. by using ncsa_auth as described here).

If you’re using an application like Boxee or XBMC, which don’t support proxy authentication, then you’ll probably want to limit access by src or dstdomain.

As an example, if you want all of your friends to be able to use your proxy, but only for, say, Spotify and Pandora, then you can add the following at the bottom of the ACL section of the config file. acl RADIO dstdomain and then add http_access allow RADIO to the top of the http_access section of the config file.

By default, Squid forwards our client IPs to the destination hosts, so we’ll need to disable this to mask our location. We do this (as described here) by setting the forwarded_for directive to off in the config file.

Lastly, remember to restart Squid as follows to ensure your new configuration becomes active.

sudo /etc/init.d/squid restart

You should now have a proxy server, based in the US or EU, listening on a port of your choosing with some measure of access control implemented.

Client Configuration

All that is left to do is to tell your client application (I’ll use Firefox as an example) to connect through the proxy server.

By default, Firefox has the ability to connect through a proxy, but the control isn’t very fine grained. You can either connect to all sites through the proxy, or not use the proxy at all.

In order to have more control over which sites actually connect via the proxy server, I recommend installing the FoxyProxy Standard addon for Firefox.

Once you’ve installed the addon and restarted Firefox, go to Tools » FoxyProxy Standard » Options and select Add New Proxy. Give the proxy server a name and enter the public_dns and http_port. Then go to the URL Patterns tab and Add New Pattern. Give it a name (e.g. Spotify) and specify the pattern (e.g. **).

Make sure that Use proxies based on their pre-defined patterns and priorities is chosen for the Select mode drop down on the main FoxyProxy options pane.

Now you should be able to sign up on Pandora or request an invite on Spotify (assuming you have configured Squid to allow access and have specified the proxy and URL patterns in FoxyProxy).

Service Notes

If you’re connecting through a US based proxy, you can sign up for Pandora and listen as long as you always connect via the proxy. With Spotify (which has recently been launched in the US), you can’t directly sign up for an account. You can, however, find some invitation codes here and then use them here to sign up. Once you sign up for Spotify and download the client, you can listen without connecting through the proxy!

Netflix seems to employ some kind of proxy detection software, so I haven’t been able to get that working yet. I haven’t tried BBC iPlayer.


While this method is free for a while (a year, or until you use up your free bandwidth), it’s definitely not a permanent solution.

Further Work

There are a few things I need to try to get Netflix to work, namely, I need to see what headers Squid is sending and disable the ones which could potentially reveal the fact that it’s a proxy. Also, I still need to try out iPlayer.

comments powered by Disqus