8.4  Proxy server

Although the NAT technology used in WinRoute enables direct access to the Internet from all local hosts, WinRoute also contains a standard HTTP proxy server. Under certain conditions direct access cannot be used or is inconvenient. The following list describes the most common situations:

  1. To connect from the WinRoute host it is necessary to use the proxy server of your ISP.

    The proxy server included in WinRoute can forward all queries to a so-called parent proxy server.

  2. Internet connection is performed via a dial-up and access to certain Web pages is blocked (refer to chapter 12.2  URL Rules). If a direct connection is used, the line will be dialed before the HTTP query could be detected (line is dialed upon a DNS query or upon a client's request demanding connection to a Web server). If a user connects to a forbidden Web page, WinRoute dials the line and blocks access to the page — the line is dialed but the page is not opened.

    Proxy server can receive and process clients' queries locally. The line will not be dialed if access to the requested page is forbidden.

  3. WinRoute is deployed within a network with many hosts where proxy server has been used. It would be too complex and time-consuming to re-configure all the hosts.

    The Internet connection functionality is kept if proxy server is used — it is not necessary to edit configuration of individual hosts (or only some hosts should be re-configured).

WinRoute's proxy server can be used for the HTTP, HTTPS and FTP protocols. The proxy server does not support the SOCKS protocol (a special protocol used for communication between the client and the proxy server).

Note: For detailed information on using FTP on WinRoute's proxy server, refer to chapter 25.4  FTP on WinRoute's proxy server.

Proxy Server Configuration

To configure proxy server parameters open the Proxy server tab in Configuration → Content Filtering → HTTP Policy.

Figure 8.15. HTTP proxy server settings


Enable non-transparent proxy server

This option enables the HTTP proxy server in WinRoute on the port specified in the Port entry (port 3128 is set by default).

Warning

If you use a port number that is already used by another service or application, WinRoute will accept this port; however, the proxy server will not be able to run and the following report will be logged in the Error log (refer to chapter 22.8  Error Log):

failed to bind to port 3128: another application is using this port

If you are not sure that the port you intend to use is free, click on the Apply button and immediately check the Error log to see whether this report has been logged.

Enable connection to any TCP port

This security option allows or blocks so-called tunneling of application protocols other than HTTP, HTTPS and FTP via the proxy server.

If this option is disabled, the proxy server allows connections to be established only to the standard HTTPS port (443), on the assumption that secured web pages are being opened. If the option is enabled, the proxy server can establish connections to any port. This can be a non-standard HTTPS port or tunneling of another application protocol.

Note: This option does not affect non-secured traffic performed by HTTP and/or FTP. In WinRoute, HTTP traffic is controlled by protocol inspectors which allow only valid HTTP and FTP queries.
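
The port restriction described above, as an added example (not WinRoute or Kerio code): tunneling through an HTTP proxy is requested with the CONNECT method, so the check parses the CONNECT target and applies the option to its port. The function names and the sample request lines are assumptions constructed for illustration.

```python
# Added illustration, not Kerio code: how a proxy could apply the
# "Enable connection to any TCP port" setting to CONNECT requests.
HTTPS_PORT = 443  # the only tunnel port allowed when the option is disabled

def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    authority = parts[1]
    if authority.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        end = authority.find("]")
        if end == -1 or authority[end + 1:end + 2] != ":":
            return None
        host, port_text = authority[1:end], authority[end + 2:]
    else:
        host, _, port_text = authority.rpartition(":")
        if ":" in host:  # unbracketed IPv6 is ambiguous, refuse it
            return None
    if not host or not (port_text.isascii() and port_text.isdigit()):
        return None
    port = int(port_text)
    return (host, port) if 1 <= port <= 65535 else None

def decide(request_line, allow_any_port):
    """Return 'not-connect', 'malformed', 'allow' or 'deny' for one request line."""
    if not request_line.startswith("CONNECT "):
        return "not-connect"  # plain HTTP/FTP requests are outside this option
    target = parse_connect_target(request_line)
    if target is None:
        return "malformed"
    return "allow" if allow_any_port or target[1] == HTTPS_PORT else "deny"

# Constructed request lines (not captured traffic).
SAMPLE = [
    "CONNECT www.example.com:443 HTTP/1.1",   # standard HTTPS
    "CONNECT www.example.com:8443 HTTP/1.1",  # non-standard HTTPS port
    "CONNECT mail.example.com:25 HTTP/1.1",   # another protocol tunneled
    "CONNECT [2001:db8::1]:443 HTTP/1.1",     # IPv6 target on the HTTPS port
    "CONNECT www.example.com HTTP/1.1",       # no port given
    "GET http://www.example.com/ HTTP/1.1",   # ordinary HTTP request
]

if __name__ == "__main__":
    for option in (False, True):
        print("any TCP port enabled:", option)
        for line in SAMPLE:
            print(f"  {decide(line, option):11}  {line}")
```

With the option disabled only the two port-443 targets are allowed; with it enabled every well-formed CONNECT target is allowed, which is why the setting is a security decision.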

Forward to parent proxy server

Tick this option for WinRoute to forward all queries to the parent proxy server which will be specified by the following data:

  • Server — DNS name or IP address of the parent proxy server and the port on which the server is running (port 3128 is used by default).

  • Parent proxy server requires authentication — enable this option if authentication by username and password is required by the parent proxy server. Specify the Username and Password login data.

    Note: The name and password for authentication to the parent proxy server are sent with each HTTP request. Only Basic authentication is supported.

The Forward to parent proxy server option specifies how WinRoute will connect to the Internet (for update checks, downloads of McAfee updates and for connecting to the online Kerio Web Filter databases).

Set automatic proxy configuration script to

If a proxy server is used, Web browsers on client hosts must be configured correctly. Most common web browsers (e.g. Internet Explorer, Firefox/SeaMonkey, Opera, etc.) enable automatic configuration of the corresponding parameters by using a script downloaded from a website specified by a URL.

In the case of WinRoute's proxy server, the configuration script is saved at

http://192.168.1.1:3128/pac/proxy.pac,

where 192.168.1.1 is the IP address of the WinRoute host and 3128 is the port of the proxy server (see above).

The Allow browsers to use configuration script automatically... option adjusts the configuration script in accordance with the current WinRoute configuration and the settings of the local network:

  • Direct access — no proxy server will be used by browsers

  • WinRoute proxy server — IP address of the WinRoute host and the port on which the proxy server is running will be used by the browser (see above).

Note: The configuration script requires that the proxy server is always available (even if the Direct access option is used).

Allow browsers to use configuration script automatically...

It is possible to let Internet Explorer be configured automatically by the DHCP server. To set this, enable the Automatically detect settings option.

WinRoute's DHCP server must be running (see chapter 8.2  DHCP server), otherwise the function will not work. TCP/IP parameters at the host can be static — Internet Explorer sends a special DHCP query when started.

Hint

This method makes it possible to configure all Internet Explorer browsers at all local hosts by a single click.