StackX Proxy is the StackX product for managed outbound proxies based on Squid.
It allows users, teams, or applications to connect to the Internet or restricted services through a controlled fixed IP address, with authentication, filtering, and logging according to the selected scope.
The primary use case is simple: access private services or services restricted by IP address without requiring a permanent VPN, while avoiding direct exposure of users’ personal, office, hotel, mobile, or temporary network IP addresses.
StackX Proxy is used internally by ScalarX and is now integrated into the StackX installer. Depending on requirements, the product can be scoped and delivered in a dedicated or shared architecture.
What StackX Proxy Provides
Typical Use Cases
| Requirement | StackX Proxy Response |
|---|---|
| Fixed IP filtering | Egress through a known, stable IP address to access allowlisted services |
| Access without a permanent VPN | Proxy authentication for use cases in which transport security is already handled |
| Limit user exposure | Users’ actual IP addresses are not exposed to the services they access |
| Access to private services | Controlled egress point for consoles, back offices, APIs, or restricted tools |
| Controlled browsing | Option to use the proxy for web access through a managed path |
Technical BaselineSquid, authentication, and filtering
| Component | Role |
|---|---|
| Managed Squid | Outbound HTTP/HTTPS proxy with a controlled configuration |
| Authentication | Access limited to authorized users |
| User management | Add, check, and remove accounts through serialized changes |
| Fixed egress IP | Controlled address or address pool, depending on the architecture |
| ACLs and filtering | Restrictions by source, authenticated user, and permitted ports. Advanced rules require separate scoping |
| Access logs | Usable traceability for proxy connections within the defined scope |
| Local firewall | Exposure limited to the required ports and sources |
Authentication and transport are separate concerns.
Authentication controls access to the proxy. From an untrusted network, transport must also be protected through a source restriction, an SSH/VPN tunnel, or a dedicated TLS layer.
Architecture ModelsDedicated, shared, or per-zone proxy
| Model | Benefit |
|---|---|
| Dedicated proxy | Maximum isolation for a client, team, or sensitive scope |
| Shared proxy | Controlled sharing for uses that do not require a dedicated instance |
| Per-zone proxy | Controlled egress from a given geographic or network zone |
| Per-project proxy | IP address and rules dedicated to an application, provider, or specific business requirement |
StackX Bastion and StackX Proxy are separate products.
When both are needed, they are deployed and operated as separate roles to maintain a clear separation of functions and limit the exposure surface.
Naming convention:
The -prd, -drs, -stg, -dev, and -bkp roles are detailed on the StackX Conventions page.
When to Choose StackX Proxy
| Context | Benefit |
|---|---|
| SaaS or API restricted by IP | Provide a stable IP address to declare to the third-party service |
| Distributed team | Provide a shared egress point with transport suited to the context |
| Emergency or mobile access | Retain a controlled path, supplemented by a tunnel or TLS layer on an untrusted network |
| Sensitive back offices | Avoid broad Internet exposure while retaining operational access |
| Network privacy requirement | Reduce direct exposure of the user’s IP address while browsing |
Product Positioning
| Item | Status |
|---|---|
| Technical foundation | Squid managed by ScalarX |
| Internal ScalarX use | Already in internal production |
| StackX industrialization | Product integrated into the installer and StackX post-install checks |
| Client availability | Subject to scoping, architecture, and the requested isolation level |
| Natural complement | StackX Bastion for operator access and multi-server operations |
Need a fixed egress IP or a managed authenticated proxy?
We can define the right model: dedicated or shared proxy, network restrictions, authorized users, logs, and isolation level.
Define Your Proxy Scope