Re: [squid-users] redirecting FTP and SSL

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 14 Apr 2003 21:04:22 +0200

There are very large differences.

In normal proxying the browser knows there is a proxy, and instead of
connecting to the origin server the browser connects to the proxy and
sends an HTTP proxy request, requesting the proxy to retrieve the
requested URL.

In transparent proxying the browser does not know about the proxy, and
attempts to contact the origin server. By abuse of TCP/IP rules to spoof
the IP address of the intended web server the cache administrator
selects to forbid the user from contacting origin servers directly and
transparently redirects the request to the proxy, which acts as an HTTP
accelerator for any server on the Internet. The request seen by the
proxy is not a proxy request, but a web server request for a specific
file on the contacted web server.

So pretty much everything is different:

  * The HTTP protocol used is different.

  * The address contacted is different.

  * The awareness that there is a proxy is different.

  * Proxying is TCP/IP standards compliant.

  * Transparent interception is in direct violation with the fundamental
IP standard.

But unfortunately transparent interception is the best tool in many
cases the way things are today.

The drawback apart from some slight incompatibilities is that because
transparent interception seems to solve many problems (but far from all)
there is little or no focus on actually solving the real problem of
getting browsers to use the proxy they should be using when they should
use it.

Regards
Henrik

 
Florian Effenberger wrote:
>
> Hi Henrik,
>
> what I don't understand is: where exactly is the difference between
> transparent proxying and manually setting the proxy in the browser? Is that
> a different type of request, or why does transparent proxying not work?
>
> My problem is as follows: I have an Internet router/gateway, but want to
> block things like KaZaa and other programs, so I only open port 80 and 443.
> When I just NAT it, KaZaa and Co. can still be used, as they also hook on
> port 80. However, they (yet?) cannot deal with proxies, so I can keep them
> out by transparent proxying.
>
> When I have to open port 443 for SSL connections, like webmail, I have a
> hole in the network. Is there any good link you can provide me where to find
> out more about possibilities of tunneling SSH (and that "transparent TCP
> plug", which I never heard of :-)?
>
> Thanks so much!
> Florian

-- 
Free Squid-users support provided by Henrik Nordström
<hno@squid-cache.org>
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Apr 14 2003 - 13:24:32 MDT
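
Added example, not part of the original message or of Squid: the difference in request form described above, shown as a small Python classifier over constructed sample requests. The function name classify_request and the host www.example.com are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic); example.com is a placeholder.
PROXY_REQ = (b"GET http://www.example.com/index.html HTTP/1.1\r\n"
             b"Host: www.example.com\r\n\r\n")
INTERCEPTED_REQ = (b"GET /index.html HTTP/1.1\r\n"
                   b"Host: www.example.com\r\n\r\n")
CONNECT_REQ = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
               b"Host: www.example.com:443\r\n\r\n")
NO_HOST_REQ = b"GET /index.html HTTP/1.0\r\n\r\n"


def classify_request(raw: bytes) -> dict:
    """Classify an HTTP request head by the form of its request target."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host")

    if method == "CONNECT":
        # Proxy-aware client asking for a raw tunnel (how HTTPS goes through a proxy).
        return {"kind": "proxy-tunnel", "url": None, "authority": target}
    split = urlsplit(target)
    if split.scheme in ("http", "https", "ftp"):
        # Full URL in the request line: the client knows it is talking to a proxy.
        return {"kind": "proxy-request", "url": target, "authority": split.netloc}
    if target.startswith("/"):
        # Path only: a web server request. An intercepting proxy has to rebuild
        # the URL from the Host header (or the original destination address).
        url = f"http://{host}{target}" if host else None
        return {"kind": "server-request", "url": url, "authority": host}
    raise ValueError("unrecognised request target")
```

The NO_HOST_REQ case returns no URL: with a path-only request and no Host header, the request itself does not say which server was meant.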
