Did you know that you can filter the web with the aid of proxy servers? Yes, you can! It is actually a common way to control and monitor HTTP(S) activity that is flowing through your IT environment. Today, there are two main types of proxy servers that you can use to filter web traffic, e.g. explicit proxies and transparent proxies.
Solution A: Explicit Proxies
Explicit proxies need to be filtered and requires the IT administrator to configure all clients in order for a server to be used. When you configure the Internet options of all your clients in the network, you have to consider the various browsers and operating systems that are running across the IT environment. With that in mind, IT admins can utilize the WPAD protocol to automate the process of delivering proxy settings to network clients. In addition, enforce these settings on client machines by using group policies.
One of your goals is to ensure that the process is sustainable for the long-term. It is imperative that your users do not change their Internet options. There should also be no other paths to the Internet except through the proxy server. If you operate in an environment where every user possesses local admin rights on their individual workstations, you should focus on addressing the rights issue first.
It’s true that explicit proxies are widely used for web filtering. In well-controlled environments, they do a good job. You should, however, be aware of its limitations. For example, there is limited mobile support for devices that need to connect to the Internet via a corporate Wi-Fi network. In this case, you need to deliver proxy settings to these mobile devices yourself. The process can be cumbersome because it is almost impossible to automate.
Solution B: Transparent Proxies
Although transparent proxies function similarly to explicit proxies, they do not require IT admins to configure every client that passes through the proxy server. This allows you to deploy these proxies on an Internet gateway. In most cases, you just need to route web traffic through them. With these proxies, you can monitor network traffic, extract or identify HTTP(S) traffic, and even act as a proxy without the client application or browser while you’re aware that replies are being served back through a proxy server.
One of the major benefits of this solution is that all clients, which are correctly routed to the Internet, will be protected and filtered no matter what the end users change or do on their machines. You will have less things to worry about, e.g. missing proxy settings, poor Internet connectivity due to misuse, and more.
Transparent proxies, however, are not 100 percent perfect. One of their limitations is the lack of authentication. Web applications and browsers do not know that they need to initiate the authentication process because the clients’ requests are handled by a proxy server. Because the usual authentication routines will not be automatically called, you need to seek web authentication support in a different way.
Which Solution is a Better Candidate?
As you can see, there are ups and downs with both types of proxy servers. You should choose a solution depending on the policies, processes, and requirements of your IT environments. Fortunately, it is possible to find a single solution that offers transparent proxy support and explicit proxy functionality. They may also include basic or integrated authentication functionality.
Can’t decide which type of proxy server to go for? Don’t hesitate to consult Proxy Key for professional advice today!