Proxy Transparent mode on 2.x

This entry was posted in Transparent mode on by

Advantages of Transparent Proxy

In the advantages category we have the following :

  • Simplified administration – The browser does not need to be configured to talk to a cache.
  • Central control – The user cannot change his/her browser to bypass the cache.

Disadvantages of Transparent proxy

  • Not Robust – Because transparent proxy relies on stable routed path between the client and the origin server which happens to pass through a “cached path,” it is susceptible to routing changes in the Internet.
    In other words, if a connection between a client and a cache is established and a routing change occurs which causes the client to take a path which no longer flows through the “diverting” network device, the session will break and the user will have to reload the page.
    If routes in the Internet are flapping, then results will be even more unpredictable.
  • User control – Transparent proxy takes control away from the user.
    Many users have very strong biases about caching and will actually change ISPs to either avoid it or get it.
    In Transparent mode, you cannot use authentication method. So forgot Active Directory/LDAP authentication in transparent mode. ( The only way to perform members authentication is to use the HotSpot feature )
  • Browser dependency – For successful operation, many transparent Proxys rely on the browser supplying the host name of the origin server in the HTTP request header.
    This is required because these caches cannot access the destination IP address of the origin server from the IP address of the packet.
    Therefore, upon a cache miss, they cannot determine the origin server address to send the request to.
    Some early browsers do not provide this information and therefore will not work properly with these transparent caches, but 90% of today’s browsers satisfy the above.
    In the real world, Many network providers have observed that a significant amount of HTTP requests are for non-cacheable content (as much as 35-45%).
    The hit rate and performance of the cache is inversely proportional to the amount of non-cacheable content sent to the cache.

Architectures

The main important task is able to understand that you need to change the default gateway used by clients by your DHCP service (or by installing a DHCP server on the appliance) or manually on each workstation.

statistics122

You can use your DHCP server or you can ask your default gateway to use the Artica proxy Appliance as a gateway too.

statistics123

 

Transparent mode implementation

The transparent mode allows you to use a Proxy without need to change browsers settings.
It is useful when force nodes that are unable to set proxy parameters like smartphones, servers, tablets…

Create the transparent port service.

  • On Your Proxy section, click on the link “Listen ports“.

2016-04-12_09-40-27

  • On the Main table, click on New port button
  • Set the name of this service port.
  • Turn on the Transparent HTTP option
  • define the local port in “Listen port” field ( optional because this is a local port)
  • Click on Add button.

2016-04-12_09-42-09

  • Click on Apply button on the main table to make the configuration into production mode.

2016-04-12_09-44-55

Verify redirects on Windows 7

On a client open your network connection.

28-09-2012_12-47-14

  • Pay attention of the default gateway and verify the IP address point to the proxy appliance

28-09-2012_13-54-45
Verify that your proxy did not have any proxy set in the Internet Explorer Browser settings.28-09-2012_13-58-57

  • Surf to the Web.. you should have access to websites.

28-09-2012_14-04-26

  • On artica type the url https://yourserver:9000/proxy
  • You must see requests from the client computer

31-07-2014 09-47-37

 

Leave a comment