Transparent proxy

Similar Messages

• Can not add Exceptions to Transparent proxy

  Hello all,
  I am sure this is simple but I can not figure out what has changed to cause this. Currently, I can not add items to the exception list in HTTP Transparent Proxy.
  I only see refresh and close buttons on the screen - no Apply changes.
  I have 2 BM servers and one I have access to without issues but the other does not work.
  It definitely worked at some point in time because it has 25 entries but has since stopped.
  What am I missing?
  Thanks,
  Steve D.

  sjdimare wrote:
  > Here are the details:
  >
  > Both servers are identical in configuration (other than ip addresses):
  >
  > NW 6.5 SP7 and updated TCP
  > BM 3.9 SP2 (tweaked per CJ website)
  >
  > Both servers exist in their on OU which is partitioned
  >
  > The server that is working currently only has 17 exceptions but I do
  > not think it is a # of exceptions issue.
  >
  > While in iManager, if I select Proxy Services, on the main page the
  > buttons on the bottom of one server shows "Apply Changes, Backup and
  > Close" while the non-working server only has " Refresh and Close". This
  > seems to indicate to me that their is a rights or roles issue in
  > iManager that did not exist before but I can not figure out where.
  >
  > Thanks for your assistance.
  >
  > Steve D.
  >
  >
  1. Tid 3506678. Apply Changes button is missing in the iManager server
  configuration proxy screen
  Be aware of the issue when you manager a bm server from non local
  iManager instance. Tid 7001625:Apply changes button not submitting changes

• IPhoto '08 Book upload errors with squid transparent proxy - tip

  Hi folks
  I've just "solved" a problem I was having with iPhoto Book uploads. The solution may apply to other publishing products from iPhoto and possibly iDisk uploads too.
  My firewall & proxy setup is basically Linux iptables redirecting all outbound http (port 80) connections to a dansguardian filter, which in turn is passed onto a squid instance running as a transparent proxy (oh, and there's a privoxy in this all too!). Yeah, OK, I know, slightly paranoid, but I don't want my children accidently browsing stuff I don't think they are old enough for yet!
  Now I had the problem before with iPhoto '06 as well, but at the time just didn't have the time or inclination to figure out what the problem was, and just did the book order and upload from the office, where it went through without a problem. This time I decided to dig a bit and see what was happening. The clue that triggered off the solution was watching the part of the order process where the book data is uploaded. In my default setup, the upload bar would scream through to 100%, and then sit there for ages, before coming back with a connection error. Watching the network flashy lights on the NIC on the firewall though, it suddenly dawned on me that what was happening was that the upload was screaming through to the squid (as there was no outbound network activity from the firewall while this was happening) and then sitting there waiting for squid to pass it on to the Apple site (as shown by the outbound NIC activity light suddenly going bonkers once the uoload bar hit 100%).
  So clearly there's a problem sending book orders via a squid proxy setup as a transparent proxy. It might also very well be dansguardian interfering and wanting to take the entire upload and checking it before passing it on to squid. I already have site exception setup for all apple.com urls though in dansguardian, so didn't think it would be that. I thought about dicking around with the squid acl's but didn't have the enthusiasm to spend half the day getting that working.
  So what I did in the end was tail the squid logs to see what was being proxied whilst the book order was going on, and then dropped in 3 new rules in my iptables setup just before the redirect rule. Tried ordering the book again, and voila!
  The three rules I inserted were:
  $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d mercury.apple.com -j ACCEPT
  $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d configuration.apple.com -j ACCEPT
  $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d publish.mac.com -j ACCEPT
  The "-s ! 10.1.1.1" bit is obviously particular to my setup, as I wouldn't want connections from the router itself being proxied, so that may need to either be customised or left out altogether. These three rules are then immediately followed by the redirect:
  $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp --dport 80 -j REDIRECT --to-port 8081
  Hope that is of some help to someone out there!
  K

  Tony,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• How to configure Transparent proxy on solaris 10, x86

  Dear All,
  I am trying to configure a transparent proxy on solaris 10, x86 system.
  Can any body tell me the direction that i have to follow. I want to configure it through Sun java web proxy server 4.
  Thanks and waiting for your kind reply.

  The thread was from quite some time. You mentioned that transparent proxy functionaliity was scheduled to be a part of one of the service packs. Have this happened yet? I cannot see it in the documentation nor i the admin GUI, but I might be looking in the wrong place.
  I'm running version: 4.0.5 B04/18/2007 11:01
  Kind regards

• System-wide Transparent Proxy With URL Patterns

  Internet censorship -where I live- has almost turned web unusable so  I decided to setup a transparent proxy using Tor for my home network.
  Since Tor is so slow -here- proxying all traffic through Tor would slow my connection to a crawl.  Therefore I need a mechanism to selectively proxy the traffic.
  I know a bit of 'iptables' and it looks to me like the solution to my problem.  However there's a trick.  As most of the websites I need to access through Tor (like Google+, Facebook and such) use several IP addresses for their entry points, it's almost impossible for me to add 'iptables' rules for all of those IP addresses.  I need a mechanism to proxy the traffic based on URL patterns.  For example I need to be able to proxy access to '*.facebook.com' through Tor.
  So the question boils down to:  how can I setup a system-wide transparent proxy using URL patterns?
  Any idea/hint is much appreciated.  TIA,
  Bahman
  Last edited by bahman (2012-01-04 07:48:44)

  Use privoxy with socks5 forwarding:
  http://www.privoxy.org/user-manual/config.html#SOCKS
  http://www.privoxy.org/user-manual/acti … F-PATTERNS

• Content engine 510 - transparent proxy stand-alone

  Hello to all,
  after studying architecture examples about Content Engine 510, I found that there is two modes:
  1) standard proxy
  2) transparent proxy
  I need the transparent architecture !
  But every example about transparent mode seems to include a router or a switch with a particular level of software, that can send http requests to the Content Engine to have cache.
  I don't have any of these components.
  I simply need to have a Content Engine that receive any kind of IP protocols on one ethernet, and route it to the other ethernet plug, except that if it is http protocol, it will cache the pages.
  Is is simply impossible to configure the Content Engine 510 that way ?
  Is the transparent proxy mode always requires a router or a switch to give it the http flow ?
  If it is possible, where can I find some configuration examples ?
  Thanks to help a newbie in content engine...
  Olivier

  Olivier,
  You'll need to have a router running wccp in order to redirect http requests to the cache. Withouth this, the cache has no visibilty of traffic on your LAN.
  Regards,
  Dave

• An Exception thrown "Unable to cast transparent proxy to type " when running on Azure emulator

  Hello, When i run my solution on azure emulator this exception thrown:
  System.InvalidCastException was unhandled
    HResult=-2147467262
    Message=Unable to cast transparent proxy to type 'Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleRuntimeBridge'.
    Source=WaWorkerHost
    StackTrace:
         at Microsoft.WindowsAzure.Hosts.Worker.Loader.CreateConsoleRole(Parameters parameters)
         at Microsoft.WindowsAzure.Hosts.Worker.Loader.Main(String[] args)
    InnerException: 
  Any help?

  We are having the same issue - our worker role just recycles with this "Unable to cast transparent proxy to type 'Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleRuntimeBridge'." error.
  We can't really put a breakpoint in CreateConsoleRole and Main - that's Microsoft code from the Azure SDK.
  Not sure why this was marked as answered.

• Transparent proxy & IP/IP gateway

  I am trying to configure our BM3.7 system to us transparent proxy in
  conjunction with IP/IP gateway.
  I want to be able to take advantage of the caching features of the
  proxy and
  the access control of the gateway.
  According to the install manual I must have the client configured with
  the
  IP gateway client software. However, it does not work correctly for
  some
  reason. The current proxy gateway status shows "No HTTP proxy server
  found"
  At one point I DID get a proxy server connection and things worked
  great,
  but for some reason I list it again after only a few minutes. ( I may
  have
  inadvertently changed a setting that screwed it up) Now, I can not
  get ti
  to work. Can any one give some suggestions?

  OK, I think I have it.
  I don't need the gateway. (Although the install PDF says I do)
  From other article I see that the IP/IP gateway is no longer required
  for
  access control ( as the PDF states)

• Transparent proxy server

  Hello everybody!
  My client want me to create a transparent proxy server which logs words retrieved from the data stream and records word frequencies.
  Can anyone explain me what is a transparent proxy server and what my client exactly wants from the application?
  Thanking you in advance for your valuable discussions.

  Can anyone explain me what is a transparent proxy server and what my client exactly wants from the application?You know what a proxy server is right? I guess in your context a transparent one is one that does nothing apart from the logging you require. It is probably a better idea to ask your client exactly what they want from the application!
  Apache JMeter is open source and contains a proxy server that just logs - you could download the source and see how it works.

• Onenote syncing through a transparent proxy..or not!?

  I'm having some people asking to use Onenote on Android - these devices sync through a transparent proxy as I can't enter a port number for the Onenote Sync - but because the application doesn't seem to support SNI (Server Name Indication) I get
  an error message.  The only way I can see to configure this on my firewall is to allow no HTTPS inspection on the IPs to which Onenote syncs.  The problem with that is that there is a range...?
  Is there a domain that I can put in, or a specific range of IPs I can enter!?  I've tried all the usuals...live.com, live.net etc.  I've also done a reverse lookup on one of the IPs I know it syncs to, but it doesn't resolve!
  Any bright ideas?
  Everytime you buy an Apple product, god kills a kitten.

  I am not clear that the certain network ports that are required for Office OneNote, but we can still refer this article which lists the firewall ports when we connect to Office 365.
  http://blogs.technet.com/b/educloud/archive/2011/11/30/what-firewall-ports-do-i-need-open-to-connect-to-office-365-for-education.aspx
  Or, we may consider to use network monitor tool to find them.
  Thanks.
  Tony Chen
  TechNet Community Support

• Fileserve Blocked via Transparent Proxy.

  I have been having problems downloading files off fileserve.com. When I try it gives a CATCHPA error.
  After a bit of research it seems that fileserve.com has been blacklisted by the IWF and as a result, all requests for files are routed through a transparent proxy meaning all UK users have the same IP address (or a very small number of IP addresses) resulting in this CATCHPA error.
  Is anyone else on BT having problems with fileserve? Would someone at BT confim that this is in fact the case?
  Thanks

  Fluffbutt wrote:
  What the **bleep**?
  I was pointing out that it's happening again, the first time was March, as from the post dates..
  Now, 8 months later it's happening again.
  Why is it pointless to comment and make people aware that BT are screwing us over again?
  (oh.. that was a stupid question.. the answer is obvious.)
  Hi.
  I can connect to www.fileserve.com ok, is it something deeper than that ?
  Can you give the exact details of the blocking you are seeing ? If it is the IWF, then I'm afraid that's the problem for fileserve.com to sort out.
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures

• Transparent proxy with ACE+CE (Client-ip spoof) slow response.

  I have configed transparent proxy with ACE and CE510+Bluecoat. I also enable client-ip spoofing. I use PBR for redirect request web page from client to ACE and I also use PBR for return traffic from any web servers to ACE(make complete flow for client-ip spoofing). Any thing is fine, but I have a little bit issue that when I try to browse to the new website and ACE load my request to CE510, I seem long time for page response, I monitor at ACE, it show connection is "ESTABLISH". When first page on these new website response after that I try to browse other pages on these new website, the response is normal. This happen for everytime that I test. I have already send configuration of ACE and CE. Anyone, please see anything that I config is correct. Thank you very much.

  Following link may help you
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00806b728a.html

• Site not working through Transparent Proxy

  I have a site that will not load through transparent proxy at one of my buildings.
  I have 2 buildings with same BM setup (3.9SP2 on NW6.5 SP7). At one location, I can not resolve a web site when running through transparent proxy.
  At the other location, it works just fine.
  Also, if I set the proxy to either BM server, the site loads without incident.
  As another note, both locations use the same internal DNS server which is located in the building where transparent proxy works for this site.
  What am I missing?
  Any ideas as to what to try next is greatly appreciated.

  On 03/16/2010 03:26 PM, sjdimare wrote:
  >
  > Thanks for the reply. Both BM servers are using the same proxy.cfg file
  > - Craig Johnson's - revision 30.
  >
  > I ran a lan trace on 2 separate PCs from the different networks.
  >
  > On the working network, you can see the DNS lookup in the wireshark
  > log.
  >
  > In the network where it is not working, there is no DNS entry even
  > showing that it is trying to resolve the domain name. Other sites are
  > working just fine and you can see the DNS entry going to our internal
  > DNS server.
  >
  > In the non-working segment, if I hard set the proxy, you see an HTTP
  > entry going to the proxy server and resolving the domain in question.
  >
  > Very strange.
  >
  > Any new ideas are greatly appreciated.
  >
  > Steve D.
  >
  >
  Then the pc failing has problem to resolve the entry. When you force the
  browser, pc does not resolve anything, just send the url to bm and bm
  resolve it. With TP, it is the PC who makes it. It could be that this pc
  has already cached this site. But then you should see the reqesut goign
  to the bm server. Without seeing the traces ( i do not understand your
  there is no DNS entry even
  showing that it is trying to resolve the domain name,) i can not comment
  in more detail other that you've got a PC or network problem or dns
  problem with this particular site, but not a bm.
  if trace shows dns query from the pc and no answer, but is really
  strange, do the same step but this time take a lan trace on the dns
  server to confirm that request is received and what it does with it.

• Cache engine http transparent proxy and caching

  Hi..
  My customer some GPRS user in which they couldn't control proxy setting of the web browser.
  Is it possible to configure on a cache engine such that when these users access the Internet, they will be intercepted by the cache engine. THe cache engine then forwards the request to a proxy server and out to the Internet ?
  Rgds
  Eng Wee

  It is possible to configure the cache engine to provide access to the users. The following URL shows an example on how to configure the Cisco Cache Engine for transparent caching using the Web Cache Coordination Protocol (WCCP).
  http://www.cisco.com/warp/public/117/cache_engine/transparentconfig.html
  This scenario is pretty similar to your requirement. Hope this helps.

• Config transparent Proxy with LDAP authen with L4 switch?

  How to config policy based routing on L4 switch if wsa run in transparent mode with LDAP authentication?
  Async OS: 5.1.0-420
  Thank you,
  Thanapol

  Ezekiel,
  I wanted to add some clarification to your comments:
  1) Network TAP connected to T1/T2.
  This will work good. You will need to tap one direction of traffic to the T1 port and the other direction in to the T2 interface.
  2) L4 switch connected to P1.
  This will NOT work. Further explaination below. What you can do is use a switch that supports port spanning / port mirroring. You'll need to send a COPY of all traffic going to gateway to the T1 interface.
  The L4TM will need to be in 'duplex' mode - Configurable in the GUI.
  3) WCCP v2 connected to P1.
  WCCP cannot be used at all with the L4TM, because WCCP doesn't 'copy' the traffic, it redirects it.
  L4TM information
  The L4TM can be thought of as a completely seperate appliance that operates primarily via the t1 / t2 interfaces.
  The L4TM is a sniffer application, meaning that you cannot redirect traffic to it (such as L4 switching PBR or WCCP), but you can send a copy of traffic to it (port mirroring or physical tap).
  If you are blocking with the L4TM, the WSA will use M1/P1 to send the TCP RST packets. This is the ONLY use for the M1/P1 interfaces that the L4TM will use.
  The P1 interface is intended to be used for Web proxy traffic and the L4TM does not listen on this interface.