0

What is the best way to enforce an appliance to route its traffic through the corporate proxy? that would be both inline and forwarding traffic to a parent proxy? the corporate proxy can authenticate hosts by ips, as long as the source ips are kept intact in the traffic. the traffic is mostly HTTPS, and it should NOT be intercepted as if certificates are manipulated, most likely the appliance will not work as supposed to be.

I have tried squid 3.5, however, for some reason, the corporate proxy was not accepting its connections. the corporate proxy was refusing to pass traffic and asking for user/password authentication! now when I think about it, it could be due to the X-Forward or manipulated HTTP headers.

I am wondering before I start down this route again, should I reconsider squid, or use haproxy, or nginx? anyone have gone through this exercise before? any hints, urls, possible sample configurations to start with? things to watch for?

Walid
  • 143
  • 6
  • 1
    Is the appliance not configurable?! that would be very odd. – Michael Hampton Jan 10 '19 at 21:26
  • yes not configurable for direct proxy configuration, it is expecting transparent proxy, or be exempted to go via proxy. we have at least a handful of devices that assume the same, however, the use case for others merely getting updates and that can be done manually offline, this specific case is more critical to be connected for updates, registration, and utilization reporting (licensing) – Walid Jan 10 '19 at 21:29

0 Answers0