Intercepting proxy server

An intercepting proxy combines a proxy server with a gateway or router (usually with NAT capabilities). Connections made by client browsers through the gateway are diverted to the proxy without client-side configuration (and often without the client's knowledge). Connections can also be diverted from a SOCKS server or other circuit-level proxies.

Intercepting proxies are also commonly known as “transparent” proxies or “forced” proxies, presumably because the existence of the proxy is transparent to the user, or because the user is forced to use the proxy regardless of local settings.

Purpose

Intercepting proxies are commonly used in businesses to prevent avoidance of the acceptable use policy and to ease the administrative burden, since no client browser configuration is required. The second reason, however, is mitigated by features such as Group Policy in Active Directory, or DHCP and automatic proxy detection.

Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching. This is more common in countries where bandwidth is limited (e.g., island nations) or must be paid for.

Some Known Issues

The diversion or interception of a TCP connection creates several problems. First, the original destination IP address and port must somehow be communicated to the proxy. This is not always possible (for example, when the gateway and the proxy are on different machines). There is a class of cross-site attacks that rely on the behaviour of intercepting proxies that do not check, or do not have access to, information about the original (intercepted) destination. This problem can be solved by using an integrated packet-level and application-level device or software that is able to communicate this information between the packet handler and the proxy.

Interception also creates problems for HTTP authentication, especially connection-oriented authentication such as NTLM, because the client browser believes it is talking to a server rather than a proxy. This can cause problems when an intercepting proxy requires authentication and the user then connects to a site that also requires authentication.

Finally, intercepting connections can cause problems for HTTP caches, as some requests and responses become uncacheable by a shared cache.

Therefore, intercepting connections is generally discouraged. However, because such systems are simple to deploy, they are widely used.

Detection

It is often possible to detect the use of an intercepting proxy server by comparing the client's external IP address with the address seen by an external web server, or sometimes by examining the HTTP headers received by a server. A number of sites have been created to address this problem by reporting the user's IP address, as seen by the site, back to the user.
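
The two checks described above, sketched from the web server's side as an added example (not part of the original page). The function names, the sample requests and the documentation-range addresses are constructed, and the list of headers a proxy might add is an assumption of this example.

```python
import ipaddress

# Headers that forwarding proxies commonly add (assumption of this example):
# Via (RFC 9110), Forwarded (RFC 7239), X-Forwarded-For (de facto).
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for")


def parse_headers(raw_request: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into a lowercase-keyed dict."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Repeated headers are combined into one comma-separated value.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers


def proxy_indicators(peer_ip: str, raw_request: bytes, client_external_ip: str) -> list:
    """Return the reasons to suspect a proxy between the client and this server.

    peer_ip            -- source address of the TCP connection as the server sees it
    client_external_ip -- the external address the client knows itself to have
    An empty list does not prove the path is direct: a proxy may add no headers
    and may reuse the client's address.
    """
    findings = []
    headers = parse_headers(raw_request)
    for name in PROXY_HEADERS:
        if name in headers:
            findings.append(f"header {name}: {headers[name]}")
    # Compare parsed addresses so textual variants of one address are equal.
    if ipaddress.ip_address(peer_ip) != ipaddress.ip_address(client_external_ip):
        findings.append(
            f"address mismatch: client {client_external_ip}, server sees {peer_ip}")
    return findings


# Constructed samples: one request that passed through a proxy, one that did not.
INTERCEPTED = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
               b"Via: 1.1 cache01\r\nX-Forwarded-For: 198.51.100.23\r\n\r\n")
DIRECT = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(proxy_indicators("203.0.113.7", INTERCEPTED, "198.51.100.23"))
    print(proxy_indicators("198.51.100.23", DIRECT, "198.51.100.23"))
```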