Organisations use proxy servers for various reasons: to restrict access to certain content, or to cache web pages and reduce internet traffic. Whatever the reason, various approaches can be used:
- Explicitly specify a proxy server in applications such as Internet Explorer
- Use Proxy auto-config
- Transparently force HTTP traffic through a proxy server
This blog post will focus on the last option, transparently routing traffic through a proxy server. There are some disadvantages to this approach:
- Authentication can’t be performed on a per-user basis, as the web browser is unaware that traffic is being sent through a proxy server
- Without having client computers trust a custom CA and performing a man-in-the-middle attack on all HTTPS traffic, SSL/TLS traffic can’t be sent through the proxy
Once implemented, this will look something like the following: