Transparent versus non-transparent proxying

Article #:

Product

Castle

1647

 

All

Summary

Smoothwall's web proxy service can be configured to operate in either transparent or non-transparent mode - but what are the differences, and how should you choose between them?

Problem

Transparent versus non-transparent proxying

Solution

In transparent mode, there are no special configuration steps needed to setup client browsers, thus allowing the proxy service to be activated and in-use almost immediately. Once activated, all traffic destined for the Internet arriving on port 80 is automatically redirected through the proxy.

Both transparent and non-transparent proxying can be used together at the same time. Enabling transparent does not stop non-transparent from working. In situations where transparent is the norm but a specific application requires non-transparent you can simply configure the proxy settings in that application.

Why use non-transparent proxying?

The main reason to use a non-transparent proxy is so that the web browser and other client applications know that a proxy is being used, and so can act accordingly. Initial configuration of a non-transparent proxy might be trickier, but ultimately provides a much more powerful and flexible proxying service. Spyware and worms that use the web for transmission may not be able to function because proxy settings are unknown. This can reduce the spread of malicious software and prevent bandwidth from being wasted by infected systems.

Configuring proxy settings in non-transparent mode

When using non-transparent proxying, appropriate proxy settings must be configured on client machines and browsers. This can be achieved in a number of different ways:

Manually

Proxy settings can be entered manually in most web browsers and web-enabled applications. Usually such settings are entered as part of the application's Connection Settings or similar. The address of the proxy is required, along with the proxy port number. These settings are displayed on the Web proxy > Web proxy > Settings page.

Automatic configuration script

The Smoothwall proxy provides a proxy.pac file that can be used to automatically configure proxy settings in most Internet browsers. To use the automatic configuration script, go to Web proxy > Web proxy > Automatic configuration.

Microsoft Windows 2000 domain

In a Windows 2000+ domain, proxy settings can be configured in the domain security policy. This eliminates the need to manually configure any part of the users system.

Automatic discovery

Many browsers support automatic discovery of proxy settings using the WPAD (Web Proxy Auto-Discovery) protocol. This is relatively easy to configure if you have a local DNS server. Using DHCP to distribute proxy settings - DHCP can also be used to set proxy settings. That might be a better method than using security policies. Currently the DHCP server on the Smoothwall firewalls cannot be used for giving out proxy.pac locations.

Microsoft Windows login script

The Windows login script can be used to import a registry file which will automatically configure the system wide proxy settings.

.ini files

Browsers like Firefox can be configured automatically with ini files. Such files could be copied or modified as part of the login script on a Microsoft Windows or Linux network.

Third party solutions

Third party applications are available for Windows which can, at login, automatically configure web browser proxy settings. These range from simple programs designed specifically to automate proxy configuration, or more sophisticated applications that provide a range of services such as monitoring the user's desktop.

When to use transparent proxying

When minimal or no network configuration is required. Transparent proxying can be useful in mixed environments containing Unix, Linux, Apple Mac and Microsoft Windows systems. This allows quick access to the web proxy for everyone, without having to configure a multitude of different platform specific applications and browsers.

Attribution:

Last updated:

Author:

Contributions by:

30 August 2016

 

Tanja

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.