Penguin

Transparent Proxying is when you use NetworkAddressTranslation to intercept traffic going to specific port and redirect it to go to a proxy. This is very popular in NewZealand ISP's to redirect traffic to port 80 (HTTP) to a WebProxy, so they can attempt to proxy common content and save bandwidth (as all international traffic to/from NewZealand carries charges). The flaw in this plan is that while the proxy is supposed to be transparent (ie: you're not supposed to be able to tell it's there), far too often it becomes opaque, and you can tell that it's there. Common problems with Transparent proxies:

  • The source address is no longer your machine but the proxy, so any website that uses IP based authentication won't work.
  • The source address may come from different IP's every time you request a page, so any website that remembers what IP your on and requires you to login each time you change it will ask you to login again always, sigh.
  • The TransparentProxy accepts the connection, gets the request then goes and finds out if the page is available, so your browser doesn't get to handle events such as "Connection Timed out" or "Connection Refused"
  • The TransparentProxy resolves the destination host again which may be different to what your machine resolves it to, for instance if you use an AlternativeRoot1?, or have a /etc/hosts (hosts(5)) entry for the machine the TransparentProxy will either fail to find the DNS for it, or even worse, find its own one (which may be an old cached incorrect version).
  • Your ISP uses software that is not clever enough. For example, Xtra's proxy (used to? still?) didn't look at the "Accept-Language" header. For example, if I send a request for the home page of www.debian.org with Accept-Language set to French, and you later send a request for the same page (but your browser sends a different language for Accept-Language) then you might get the French version if the proxy decides that the page is not yet expired. That would explain why I kept getting debian pages in french! Why couldn't you just read them in plain english like everyone else? <grin> -- PerryLorier

1?: Not a good idea at the best of time anyway.

But I want to do it anyway?

http://www.tldp.org/HOWTO/TransparentProxy.html http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy http://www.lesismore.co.za/Squid_3_Transparent_Proxy


Part of CategoryNetworking