Now some companies may have restrictions on the internal network, for example, some audio and video sites can not be opened, like this

Or something like this

It’s absolutely amazing! But sometimes I just want to listen to music and work at the same time. What about that?

Answer: can use mobile phone to listen to a song, can helpless I flow carry not to live!! 😭

How was it sealed off?

The main techniques and forms of blockade

  • Ports and IP addresses are blocked
    • Because the default port to access the site is 80, access is blocked;
    • IP blocking is the list mentioned above. Access to this IP address is blocked if it is detected.
  • DNS domain name hijacking
    • Before sending a request for a domain name, you need to query the corresponding IP address through the DNS service.
    • The ** mechanism can return the wrong IP address when you query;
  • Packet filtering by keyword
    • After knowing the IP address, the system initiates HTTP requests, and intercepts the request if it contains blocking keywords.
  • Traffic monitoring
    • Detection of flow direction and frequency;


  • Proxy server (forwarding data with foreign host)
    • Use a broader approach, using a normal server to relay requests;
  • Data encryption (with encryption software)
    • So that the ** mechanism cannot detect the requested content;
  • Use a secure VPN connection
    • Establish a dedicated network channel between the requester and the receiver;

If the proxy server to solve

If you just need to bypass the company network restrictions to listen to music or watch videos, do not need scientific Internet access, and you happen to have a cloud server, the following SAO operation should be able to meet your needs ~

SSH Tunnel (Port Forwarding)

Start with SSH dynamic port forwarding, which allows you to create a socket on your local (SSH client) machine that acts as a SOCKS proxy server. When the client connects to this port, the connection is forwarded to the remote (SSH server) machine, which is then forwarded to the dynamic port on the target machine. The command line is as follows:

Copy the code

In Windows, you can use Xshell and Finalshell to create an SSH connection. Then, set the tunnel in the Settings, select socks5, and set the listening port. The default port is 1080 and the address is

Here’s my example of finalshell:

Don’t forget to make sure the connection is open when you use it

SwitchyOmega (Browser proxy)

If you need to access music sites through your browser (and video sites should do the same), just install SwitchyOmega and do the following

Then you should be able to access music sites normally

Client HTTP proxy

The music website always has many restrictions, many songs can not listen ~, we can directly set up the client proxy, so that you can directly use the client to listen to the songs.

So there is a small problem at this time, we build through SSH dynamic port forwarding is SOcks5 proxy, and general clients are using HTTP proxy, how to do?

Don’t panic! There are many methods, I found a small program socks5toHttp on the Internet, it can realize the SOcks5 proxy service into HTTP proxy service, see readme.txt for specific use, the effect is as follows:

Of course, you can also use other programs to implement socks5 proxy service to convert HTTP proxy service, such as

  • Blogtt. Readthedocs. IO/en/latest/t…

Ensure that the program has been run before use

After the conversion, we can directly configure the corresponding HTTP proxy in the client ~, take QQ music client as an example

Port Set the HTTP proxy port after the translation. The IP address is

This is done, if you are in the client configuration proxy, then with your scientific Internet access is basic conflict, both can exist at the same time

Extend the learning

Finally, how can we not expand our knowledge? Since the use of SSH proxy, it is natural to understand, is the so-called know what it is know why, relevant links to bring you ~

  • Play SSH port forwarding
  • What is the difference between HTTP and SOCKS proxies?

Refer to the link

Some of the content is referenced from the following article

  • Bypassing the gatekeeper and sneaking out to surf the Internet