Proxy Chain

Proxy Chain

Overview

The Proxy chain section allows you to selectively forward requests through another proxy, SOCKS4 or SOCKS5 firewalls.
You can also use ICP (Internet Cache Protocol) and CARP (Cache Array Routing Protocols) to share cache with peer or sibling proxies.

CARP (Cache Array Routing Protocol)

The Cache Array Routing Protocol (CARP) is used in load-balancing HTTP requests across multiple proxy cache servers. It works by generating a hash for each URL requested. A different hash is generated for each URL and by splitting the hash namespace into equal (or unequal parts, if uneven load is intended) the overall number of requests can be distributed to multiple servers.

ICP (Internet Caching Protocol)

The Internet Cache Protocol (ICP) is a protocol used for coordinating web caches. Its purpose is to find out the most appropriate location to retrieve a requested object from in a situation where multiple caches are in use at a single site. The goal is to use the caches as efficiently as possible and to minimize the number of remote requests to the originating server. Hierarchically, a queried cache can either be a parent, a child, or a sibling.

Global

showing global section of Proxy chain

Enabled

Enable or Disable the proxy chain section.
TRUE: Enable proxy chain section.
FALSE: Disable proxy chain section.

Enable CARP

CARP is a protocol used by a cluster of proxies to have them act as one logical cache by using a hash algorithm that combines the proxy's hostname and requested URL to determine which proxy server the URL is requested from and thus cached on.
TRUE: Enable CARP.
FALSE: Disable CARP.

CARP Hash Size

Specify the maximum value of the CARP hash; the lower the value, the greater the redundancy of cached files across peer proxies. Set to 0 for maximum size. Any value other than 0 breaks compatibility with Squid, and all peer proxies must use the same size hash.

Forwarding Proxies

List of proxy servers to forward connections to.
showing forwarding proxies section in proxy chain

Enabled

Enable or Disable this entry.
TRUE: Enable this entry.
FALSE: Disable this entry.

Comment

For documentation and future references, explain the relevance of this entry with your policies.

Profiles

Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use a negated profile (!profile).

Proxy

Specify the hostname or IP address of the proxy to forward through.
If this field is left blank, and the host or file options aren't, no action is taken for requests matching the host and file.
If the Proxy is the same as the server's hostname, the entry is ignored.
This makes it easier to have a configuration file shared between several proxy servers.

User name

Specify the user name to use if the proxy requires authentication.

Password

Specify the password to use if the proxy requires authentication.

Domain

Specify the NT domain when using the NTLM authentication protocol.

Port

Specify the port number of the proxy to forward through.

ICP Peer Type

The peering relationship of this proxy.
  1. NONE: The ICP protocol will not be used with this proxy.
  1. PARENT: This proxy is a Parent. When no peer has the cached file, it will still be requested from a parent, so that it is cached for other peer proxy servers.
  1. SIBLING: This proxy is a Sibling. Files are requested from it only when it has a cached copy.

ICP Port

Specify the UDP port ICP packets are sent to.

Type

Specify the type of the proxy; can be HTTP, SOCKS4, SOCKS5 or CONNECT.
  1. HTTP: This is an HTTP proxy.
  1. SOCKS4: This is a SOCKS4 firewall.
  1. SOCKS5: This is a SOCKS5 firewall.
  1. CONNECT: The connect method will be used through the HTTP proxy.

Applies to

Specify the type of requests that are forwarded through the proxy; can be HTTP, FTP, SOCKS5 and/or CONNECT (HTTPS).
  1. HTTP: This proxy will be used for HTTP requests.
  1. FTP: This proxy will be used for FTP requests.
  1. CONNECT: This proxy will be used for CONNECT requests.

Example

Rule#1
I want to forward all my requests to proxy server 192.168.2.179 and port 8080.
ICP peer type is set to none.
The type of proxy is set to be connected.
For request type of HTTP FTP and connect.




    • Related Articles

    • HTTPS Inspection

      Overview This section allows you to configure the overall operation to handle scanning of connections under HTTPS (HTTP over SSL). SSL (Secure Sockets Layer), is the standard security technology for encrypting a connection between a web server and a ...

    • ICAP

      What is the advantage of using ICAP? ICAP is a protocol designed to off-load specific Internet-based content to dedicated servers, thereby freeing up resources and standardizing the way in which features are implemented. For example, a server that ...

    • Network settings

      Overview Configure the basic Network Infrastructure. Configure the Sockets on which SafeSquid will Listen and accept connections from clients. Manage SafeSquid's outgoing connections through existing IPs of your host system. Listen Setup SafeSquid’s ...

    • WCCP

      Overview Use WCCP routers to enforce transparent proxy. Stop setting proxy in client browsers and transparently redirect traffic flows in real time. Global Enabled Enable or Disable this section. TRUE: Enable transparent redirection. FALSE: Disable ...

    • Access restrictions

      Overview Use Access Restriction to Allow/Deny access to SafeSquid's service for specific users/user groups. This allows you to specify the Access rights for various users and profile them into user groups for unique processing in other sections. In ...