{"id":20,"date":"2010-01-15T08:00:03","date_gmt":"2010-01-15T08:00:03","guid":{"rendered":"http:\/\/www.proxville.com\/guides\/?p=20"},"modified":"2024-09-02T12:10:26","modified_gmt":"2024-09-02T12:10:26","slug":"intercepting-proxy-server","status":"publish","type":"post","link":"https:\/\/www.proxville.com\/guides\/intercepting-proxy-server","title":{"rendered":"Intercepting proxy server"},"content":{"rendered":"<p style=\"float: left;margin: 4px;\"><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-2174962885476117\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Responsive -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-2174962885476117\"\r\n     data-ad-slot=\"5070544181\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><\/p><p>Intercepting proxy combines a proxy server with a gateway or router  (usually with NAT capabilities). Connections made by client browsers  through gateway will be used for the proxy without client-side  configuration (or often knowledge). Connections can also be diverted  from a SOCKS server or proxies other circuit-level.<\/p>\n<p>Intercepting proxies are also commonly known as &#8220;transparent&#8221; proxies,  or &#8220;forced&#8221; proxies, presumably due to the existence of the proxy is  transparent to the user, or the user is forced to use the proxy  regardless of the locale.<\/p>\n<p>Purpose<\/p>\n<p>Intercepting proxies  are commonly used in businesses to prevent avoidance of acceptable use  policy, and to ease the administrative burden, since no client browser  configuration is required. The second reason however, is mitigated by  features such as Group Policy in Active Directory or DHCP and automatic  detection of proxy.<\/p>\n<p>Intercepting proxies are also commonly used  by ISPs in some countries to save upstream bandwidth and improve  customer response times by caching. This is more common in countries  where bandwidth is limited (eg, island nations) or must be paid.<\/p>\n<p>Some Known Issues<\/p>\n<p>The diversion \/ interception of a TCP connection  creates several problems. First, the original IP and port of destination  must somehow be communicated to the proxy. This is not always possible  (for example, when the proxy gateway and be in different machines).  There is a kind of cross site attacks that rely on some practices of  intercepting proxies that do not make or have access to information on  the original (intercepted) destination. This problem can be solved by  using an integrated package of standard and application-level device or  software that is then able to communicate this information between the  controller and proxy package.<\/p>\n<p>Intercept also creates problems  for HTTP authentication, specifically oriented to the connection as NTLM  authentication because the client browser thinks he is talking to a  server instead of a proxy. This can cause problems in an intercepting  proxy requires authentication, the user connects to a site that also  requires authentication.<\/p>\n<p>Finally intercept connections may  cause problems to the HTTP caches, as some requests and responses become  uncacheble by a shared cache.<\/p>\n<p>Therefore intercept connections  is generally discouraged. however, due to the simplicity of the  implementation of such systems, which are widely used.<\/p>\n<p><strong>Detection <\/strong><\/p>\n<p>It is often possible to detect the use of a proxy  server to intercept by comparing the external address of the client IP  address seen by an external web server, or sometimes by examining the  HTTP headers received by a server. A number of sites have been created  to address this problem, to inform the user&#8217;s IP  address.<\/p>\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Intercepting proxy combines a proxy server with a gateway or router (usually with NAT capabilities). Connections made by client browsers through gateway will be used for the proxy without client-side configuration (or often knowledge). Connections can also be diverted from a SOCKS server or proxies other circuit-level. Intercepting proxies are also commonly known as &#8220;transparent&#8221; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/posts\/20"}],"collection":[{"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/comments?post=20"}],"version-history":[{"count":4,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/posts\/20\/revisions"}],"predecessor-version":[{"id":374,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/posts\/20\/revisions\/374"}],"wp:attachment":[{"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/media?parent=20"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/categories?post=20"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.proxville.com\/guides\/wp-json\/wp\/v2\/tags?post=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}