Why does our application need to be proxy-aware?

Hi!

We have been asked by customers to update our application to be able to use it in their company, which uses proxy servers for all internet access. I haven't quite understood the details of how proxy servers work. I hope someone can explain this, googling didn't really help.

I'll try to explain how I think (which is probably wrong...):

When our application sends a WebRequest, isn't it the operating system's task to handle this? So if the user has entered proper proxy settings in network setup in Windows, then Windows should see the WebRequest, add the necessary proxy info and send it to the proxy for handling?

Why would our application need to specifically ask for the WebRequest to be handled with "SYSTEM_PROXY"?

And in what scenario would our application need to also open for the possibility of an application setting for proxy IP, user name and password?

Thanks for any clarifications!

Best regards,

Knut
Knut Hunstad Asked:

noci (Software Engineer) Commented:
No, it isn't the OS's work to handle proxy access. Proxies are an application-layer service that works on your application's behalf.
Your system is effectively not allowed to get blind access to the Internet; you first need to contact a proxy and then request that it do your web request. The 2nd request can be validated for business-specific rules, even for SSL/TLS, when after the 2nd connect is allowed the remainder cannot be tracked.

There is a mode of proxying called transparent proxying, except that it cannot do part of the verification when SSL / TLS is involved.
Unless you break the security by doing MITM attacks on ALL connections. (So it isn't that transparent...).
1
Knut Hunstad (Author) Commented:
OK, seems I just have to accept that's the way it works. Even though I still can't see why it's not like disk access. I mean: when I want to open a file, I don't specify in my application precisely how to access the hardware. That's the OS's job. Why it's different for internet access, I don't quite grasp.

That aside, I can't see any explanation of why I should choose to give the user options to specify proxy settings in our application? Wouldn't it be enough to have the application check the OS's settings and use these if they are set to use a proxy?
0
noci (Software Engineer) Commented:
No, the problem is that you connect to a proxy so that the proxy (that's why it is called a proxy) can make the later connection for you.
So you need to connect TWICE. First you connect to the proxy (mostly using the SOCKS protocol in one of its incarnations, or the HTTP proxy protocol), then send a connect request on your behalf to the proxy.

And yes, IF a proxy specification does exist then you can obviously use that.
On Linux systems there is the environment variable http_proxy that does just that.
If a process sees HTTP_PROXY=proxyhost:proxyport it will use those to connect to a proxy.
Well, it is supposed to do that; the programmer still has to build that support.
Not sure how you could interrogate IE about proxy settings.
This tool explains a lot about it:
https://linux.die.net/man/1/curl

Scroll down to the Environment section (or text search for _proxy).
0
Knut Hunstad (Author) Commented:
Sorry, but I still don't quite get it:

- If I specify a proxy in "Network proxy settings" and add username/password for the proxy's IP address in "Windows credentials"

doesn't that mean Windows sends all IP-requests to the proxy with these settings? Or are these settings simply a place to store the info for any application that specifically asks for them?

Why is it made this way? Isn't the point of a proxy to:

- give the company control over what users can access on the internet
- improve speed by caching web pages

Why does every application have to be aware of this? When would the user of an application choose to _not_ use the standard proxy settings of Windows?
0
noci (Software Engineer) Commented:
What will happen is this:

Endpoint connects to PROXY and sends username & credentials.
Proxy evaluates this info; if not OK, return error and disconnect.
if authentication is ok proxy returns ok and waits for nex
Endpoint then sends request + <remote host> & <port> to the proxy, which will evaluate the info, like whether hostname/IP address & port numbers are acceptable, and if so, tell the sender it is OK & execute the connect request and then pass on all info both ways.
If not acceptable, then return error & disconnect.

In this way a proxy can be used to authorize connections to outside sites to specific sites for specific users if needed.
And if the data transferred is readable (non-SSL) then the queries & answers can be kept on local storage....

An application needs to talk to the proxy to talk to the net.
One may have more than one proxy, or proxies that have specific functions for other locations... not a common situation, so that is why there is a standard setting. Also there might be separate proxies for specific protocols. HTTP proxying is different from FTP proxying.

Be sure that WINDOWS does not send data to a proxy, it just stores info for a proxy IF you want to do so.
Also, applications that don't support a proxy will never use it.
Your Windows file server client (SMB) protocol will not use a proxy, to name one that won't work with a proxy.
0
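
The two-step exchange described in the answer above, sketched as an added example that is not part of the original thread: it reads the proxy from an `HTTP_PROXY`-style variable, builds the second-step connect request and classifies the proxy's reply. It assumes the HTTP proxy protocol (`CONNECT`) with Basic authentication; all function names and sample values are hypothetical.

```python
import base64
import re
from urllib.parse import urlsplit

def proxy_from_env(env, scheme="http"):
    """Read <scheme>_proxy / <SCHEME>_PROXY; return (host, port) or None."""
    value = env.get(f"{scheme}_proxy") or env.get(f"{scheme.upper()}_PROXY")
    if not value:
        return None
    # Accept both "proxyhost:3128" and "http://proxyhost:3128/".
    parts = urlsplit(value if "://" in value else "//" + value)
    return parts.hostname, parts.port

def build_connect_request(host, port, user=None, password=None):
    """Second step: ask the proxy to open a tunnel to host:port."""
    # Reject anything that could smuggle extra header lines (CR/LF) to the proxy.
    if not re.fullmatch(r"[A-Za-z0-9.-]+", host) or not 0 < int(port) < 65536:
        raise ValueError("invalid target for CONNECT")
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        # Basic auth is only base64-encoded: readable by anyone on the path
        # between the endpoint and the proxy unless that hop is encrypted.
        token = base64.b64encode(f"{user}:{password or ''}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_proxy_reply(raw):
    """Classify the proxy's answer to CONNECT as (status_code, verdict)."""
    status_line = raw.split(b"\r\n", 1)[0].decode("iso-8859-1")
    code = int(status_line.split(" ", 2)[1])
    if 200 <= code < 300:
        return code, "tunnel-open"      # proxy now relays bytes both ways
    if code == 407:
        return code, "auth-required"    # credentials missing or rejected
    return code, "refused"              # any other status: no tunnel

if __name__ == "__main__":
    # Constructed sample environment and proxy replies, not captured traffic.
    print(proxy_from_env({"HTTP_PROXY": "proxyhost:3128"}))
    print(build_connect_request("example.org", 443, "alice", "s3cret").decode())
    for reply in (b"HTTP/1.1 200 Connection established\r\n\r\n",
                  b"HTTP/1.1 407 Proxy Authentication Required\r\n\r\n",
                  b"HTTP/1.1 403 Forbidden\r\n\r\n"):
        print(parse_proxy_reply(reply))
```
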

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.