About Transparent Proxy Settings
The Transparent Proxy settings are used for configuring transparent features of the explicit proxy mode.
Transparent Proxy
Settings for configuring the explicit proxy mode with transparent features.
Option | Definition |
---|---|
Supported client redirection methods |
Provides methods for intercepting web traffic and redirecting it to an appliance.
|
The following two tables describe list entries in the lists of WCCP services and port redirects.
Advanced Outgoing Connection Settings
Settings specifying methods for handling information contained in client requests sent to web servers that are requirements for the network environment of the appliance
Option | Definition |
---|---|
IP spoofing (HTTP, HTTPS, FTP) |
When selected, the appliance keeps the client IP address that is contained in a client request as the source address and uses it in communication with the requested web server under various protocols. When WCCP services are used for intercepting web traffic and directing it to the appliance, you need to configure two services for each port on the appliance that listens to client requests: one for the requests that come in from the clients, and one for responses to these requests that are sent by the web servers. When this option is not selected, the appliance chooses a source port and uses it in this communication.
|
HTTP: Host header has priority over original destination address (transparent proxy) |
When selected, the destination address that is provided in the HOST header part of a client request under HTTP is used for communication with the requested web server. In a transparent proxy configuration, communication with a web server could also use the destination address that is specified under TCP for the connection that serves to transmit a client request. This address is also known as the original destination address. Both methods of communication are available to a transparent proxy on an appliance that intercepts client requests or to a WCCP service that intercepts requests and redirects them to an appliance. Using the HOST header destination address is the preferred method, however, for some configurations it can be necessary to deselect this option and use the original destination address for communication with a web server.
|
Sample WCCP service settings for IP spoofing
Sample settings for configuring WCCP services with IP spoofing
NOTE: Configure these settings only if you want to perform IP spoofing. It is usually not required that you configure two services for redirecting web traffic to the appliance under WCCP.
You can use IP spoofing in a configuration with WCCP services that intercept web traffic and direct it to the appliance. In this case, you need to configure two services for all ports on the appliance that listen.
One of these services is for the requests that come in from the clients and another one for the responses to these requests that are sent by the web servers.
The following table shows sample parameter values for these services.
Option | Service for client requests | Service for web server responses |
---|---|---|
Service ID | 51 | 52 |
Service priority | 0 | 0 |
WCCP router definition | 10.150.107.254 | 10.150.107.254 |
Ports to be redirected | 80, 443 | 80, 443 |
Ports to be redirected are source ports | fasle | true |
Proxy listener IP address | 10.150.107.251 | 10.150.107.251 |
Proxy listener port | 9090 | 9090 |
MD5 authentication key | * * * * * | * * * * * |
Input for load distribution | This main item does not appear in the settings list, but is visible in the Add and Edit windows. The following four elements are related to it | |
Source IP | true | false |
Destination IP | false | true |
Source port | true | false |
Destination port | false | true |
Assignment method | This main item does not appear in the settings list, but is visible in the Add and Edit windows. The following four elements are related to it | |
Assignment by mask | true | true |
Assignment by hash | false | false |
Assignment weight | 100 | 100 |
Forwarding method | This main item does not appear in the settings list, but is visible in the Add and Edit windows. The GRE-encapsulated and L2-rewrite to local NIC elements are related to it | |
GRE-encapsulated | false | false |
L2-rewrite to local NIC | true | true |
L2-redirect target | eth1 | eth1 |
Magic (Mask assignment) | -1 | -1 |
Comment |