[geeks] Transparent proxies

Greg A. Woods woods at weird.com
Wed Sep 18 13:44:28 CDT 2002


[ On , September 18, 2002 at 13:29:50 (-0400), Ryan wrote: ]
> Subject: [geeks] Transparent proxies
>
> Anyone know of a method to detect transparent proxies between
> a source node and a destination web server? From reading through
> Web Protocols and Practices, it looks as if a proxy is not allowed 
> (Via RFC) to modify the majority of the HTTP header fields.

Normally in the ISP business "transparent HTTP proxy" refers to the
practice of using policy-based routing to force all HTTP connections to
go through a (normally caching) HTTP proxy.  It's "transparent" because
the users (and the ISP's bandwidth demands) get the benefit of the cache
without having to do anything special to configure or enable use of the
proxy.  In these scenarios you'll usually see at least a "Via:" header
in the HTTP request, possibly an "X-Forwarded-For:" header too, as with
this query forwarded through a test Squid box and captured with tcpdump:

	GET /~woods/projects/ HTTP/1.0
	User-Agent: Links (2.1pre3; NetBSD 1.5W i386; 80x41)
	Accept: */*
	Accept-Charset: us-ascii, ISO-8859-1, ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9, ISO-8859-10, ISO-8859-13, ISO-8859-14, ISO-8859-15, ISO-8859-16, windows-1250, windows-1251, windows-1252, windows-1256, windows-1257, cp437, cp737, cp850, cp852, cp866, x-cp866-u, x-mac, x-mac-ce, x-kam-cs, koi8-r, koi8-u, TCVN-5712, VISCII, utf-8
	Via: 1.1 dhcp133.weird.com:3128 (Squid/2.4.STABLE7)
	X-Forwarded-For: 204.92.254.15
	Host: www.weird.com
	Cache-Control: max-age=259200
	Connection: keep-alive


However, from a corporate/personal firewall perspective a "transparent
proxy" can have a whole other meaning, and such things usually operate
more at the TCP(/IP) transport layer than at the application layer
(though they may be inspecting the application layer in order to enforce
local policy, etc.).  They don't have to do anything to the application
layer that would be detectable by the remote server.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods at ieee.org>;           <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
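
The following is an added example, not part of the original message: a server-side check that parses the "Via:" and "X-Forwarded-For:" headers from the request quoted above. The function names are hypothetical, the sample request is the capture from the post with the long Accept-Charset line omitted, and the Via grammar follows the usual "version received-by (comment)" form.

```python
import re

# Request from the post as captured behind the test Squid box (Accept-Charset omitted).
SAMPLE_REQUEST = (
    "GET /~woods/projects/ HTTP/1.0\r\n"
    "User-Agent: Links (2.1pre3; NetBSD 1.5W i386; 80x41)\r\n"
    "Accept: */*\r\n"
    "Via: 1.1 dhcp133.weird.com:3128 (Squid/2.4.STABLE7)\r\n"
    "X-Forwarded-For: 204.92.254.15\r\n"
    "Host: www.weird.com\r\n"
    "Cache-Control: max-age=259200\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)

# One Via hop: [protocol-name/]version SP received-by [SP (comment)]
VIA_HOP = re.compile(
    r"^(?:(?P<proto>[^/\s]+)/)?(?P<version>\S+)\s+"
    r"(?P<by>[^\s(]+)(?:\s+\((?P<comment>.*)\))?$"
)

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP request head."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def split_hops(value):
    """Split a Via value on commas that are not inside a (comment)."""
    hops, depth, cur = [], 0, ""
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth <= 0:
            hops.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return [h for h in hops + [cur.strip()] if h]

def proxy_evidence(raw):
    """Collect proxy-disclosing headers; an empty result does not rule a proxy out."""
    h = parse_headers(raw)
    hops = [hop for v in h.get("via", []) for hop in split_hops(v)]
    parsed = [(m.groupdict() if (m := VIA_HOP.match(x)) else {"raw": x}) for x in hops]
    xff = [a.strip() for v in h.get("x-forwarded-for", []) for a in v.split(",") if a.strip()]
    return {"via_hops": parsed, "forwarded_for": xff, "proxy_disclosed": bool(parsed or xff)}
```

A result with "proxy_disclosed" set to False only means no proxy announced itself in these headers; a proxy working at the transport layer, as in the last paragraph of the message, leaves nothing here to find.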
