Proxy auto configuration for an enterprise network
Proxy servers are commonly used in corporate network. I prefer using squid proxy, probably one of the most robust, feature rich proxy servers out there.
I usually use web proxy servers (squid) for end users are used for the following reason
- Cashing of the web contents and DNS, which helps with Internet bandwidth optimization and Faster website load time
- Access control to internet resources, client bandwidth control
- Assist with content filtering (like SquidGuard)
- Maintaining client access log for security compliance
- Protecting client machines from direct exposure to Internet
Setting up proxy server setting in all client machine can be a time consuming business, if we have to manually configure and maintain each and every browser running on the network. However running a transparent proxy on the gateway is a quick and easy to way ensure all traffic goes through proxy server.
Setting up transparent proxy which in effect redirects web traffic through the network gateway works very well for http traffic (unsecured), but with https (secured connection) things starts get a little complicated, when we enable transparent more for https traffic; a dummy certificate has to be present in the squid proxy server. This is to enable the client (browser) to keep communicating in secured mode using https while it goes through the squid proxy. This can be easily done using squid, however this is probably not a clean way of doing it. When I tried enabling my squid handle https traffic in transparent mode, my browser was not very happy about the certificate coming from squid proxy in middle. What bothered me the most is, I could not find a way the client browser to work with this new certificate from squid without complaining.
This made me take a different approach. Proxy auto configuration is a powerful feature, supported by most of the browser. This enables the administrator to push out complex proxy setting to any client in that network.