I wonder why would companies use non-transparent proxies when the transparent ones seems better to me.
Asked
Active
Viewed 2,511 times
2
-
Proxies for *what* (which protocol(s)), and in which usage scenario / for which purpose(s)? – Apr 18 '11 at 13:39
-
@Jesper I'm talking about corporate HTTP proxies – Jader Dias Apr 18 '11 at 13:40
-
From "transparent" and "http" it is a fair guess that you mean forwarding proxies, f.x. a proxy server which sits on a LAN between some company's desktop PCs and the company Internet connection. A reverse proxy (a.k.a webserver accelerator) is also transparent, but that's not what you mean? – Apr 18 '11 at 13:50
-
@Jesper I mean forwarding proxies – Jader Dias Apr 18 '11 at 13:50
3 Answers
7
One big disadvantage to using a transparent proxy is that you're unable to force users to authenticate prior to gaining access without resorting to something more complex like a captive portal:
http://en.wikipedia.org/wiki/Captive_portal
You then risk breaking lots of tools that have no problem running properly configured with a regular proxy, and force your users to actually use a browser even if their work does not require one.
In a related vein, it's also more difficult to use ACLs per-user or per-group.
If you're not interested in authenticating your users or using ACLs then you might be better off with a transparent proxy because of its ease of deploying (basically no configuration needed on the client), of course.
Eduardo Ivanec
- 14,881
- 1
- 37
- 43
3
Transparent proxies are also less good at handling https - the two options are to use SNI (which requires a recent browser) which will give accurate domain information, which can be used for monitoring, blocking or kicking off some sort of MITM, and reverse-dns which is possibly accurate enough for monitoring and not much else.
Tom Newton
- 4,141
- 2
- 24
- 28
2
Another one is that you can not bypass them. If your proxy is stuck or soemthing, the user can not just try to load a site without.
TomTom
- 51,649
- 7
- 54
- 136