Link to home
Start Free TrialLog in
Avatar of Knut Hunstad
Knut HunstadFlag for Norway

asked on

Why does our application need to be proxy-aware?

Hi!

We have been asked by customers to update our application to be able to use it in their company, which uses proxy servers for all internet access. I haven't quite understood the details of how proxy servers work. I hope someone can explain this, googling didn't really help.

I'll try to explain how I think (which is probably wrong...):

When our application sends a WebRequest, isn't it the operating systems task to handle this? So if the user has entered proper proxy settings in network setup in Windows, then Windows should see the WebRequest, add the necessary proxy info and send it to the proxy for handling?

Why would our application need to specifically ask for the WebRequest to be handled with "SYSTEM_PROXY"?

And in what scenario would our application need to also open for the possibility of an application setting for proxy IP, user name and password?

Thanks for any clarifications!

Best regards,

Knut
Avatar of noci
noci

No it isn't the OS's work to handle proxy access.  Proxies are application layer service to work on you applications behalf.
Your system is effective not allowed to get blind access to the Internet.., you first need to contact a proxy and then request that to do your web request.   The 2nd request can be validated for business specific rules, even for SSL/TLS when after the 2nd connect is allowed the remainder cannot be tracked.

There is a mode of proxying called transparent proxying, except that it cannot do part of the verification when SSL / TLS is involved.
Unless you break the security by doig MITM attacks on ALL connections. (So it isn't that transparent...).
Avatar of Knut Hunstad

ASKER

OK, seems I just have to accept that's the way it works. Even though I still can't see why it's not like disk access. I mean: when I want to open a file, I don't specify in my application precisely how to access the hardware. That's the OS's job. Why it's different for internet access, I don't quite grasp.

That aside, I can't see any explanation of why I should choose to give the user options to specify proxy settings in our application? Wouldn't it be enough to have the application check the OS's settings and use these if they are set to use a proxy?
No the problem is that you connect to a proxy so that the proxy (thats why it is called a proxy) can make the later connection for you.
So you need to connect TWICE.   First you connect to the proxy (mostly using the SOCKS protocol in one of its incarnations, or HTTP proxy protocol, then send a connect request on your behalf to the proxy).

And yes IF a proxy specification does exist then you can obviously use that.
On linux systems there is the environment variable http_proxy that does just that.
if a process sees HTTP_PROXY=proxyhost:proxyport  it will use those to connect to a proxy.
Well it is supposed to do that, the programmer still has to build that support.
Not sure how you could interrogate IE about proxy settings.
This tool explains a lot about it:
https://linux.die.net/man/1/curl

Scroll down to the Environment  section   (or text search for _proxy).
Sorry, but I still don't quite get it:

- If I specify a proxy in "Network proxy settings" and add username/password for the proxies IP-address in "Windows credentials"

doesn't that mean Windows sends all IP-requests to the proxy with these settings? Or are these settings simply a place to store the info for any application that specifically asks for them?

Why is it made this way? Isn't the point of a proxy to:

- give the company control over what user's can access on internet
- improve speed by caching web pages

Why does every application have to be aware of this? When would the user of an application choose to _not_ use the standard proxy settings of Windows?
ASKER CERTIFIED SOLUTION
Avatar of noci
noci

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial