PNS differentiates between two request types: server requests and proxy request.
Server requests are sent by browsers directly communicating with HTTP servers. These requests include an URL relative to the server root (e.g.: /index.html), and a 'Host' header indicating which virtual server to use.
Proxy requests are used when the browser communicates with an HTTP proxy. These requests include a fully specified URL (e.g.: http://www.example.com/index.html).
The type of the incoming request is determined from the request URL, even if the Proxy-connection header exists. As there is no clear distinction between the two request types, the type of the request cannot always be accurately detected automatically, though all common cases are covered.
Requests are handled differently in transparent and non-transparent modes.
A transparent HTTP proxy (
transparent_mode
attribute is TRUE) is meant to be installed in front of a network where clients do not know about the presence of the firewall. In this case the proxy expects to see server type requests only. If clients communicate with a real HTTP proxy through the firewall, proxy type requests must be explicitly enabled using thepermit_proxy_requests
attribute, or transparent mode has to be used.The use of non-transparent HTTP proxies (
transparent_mode
attribute is FALSE) must be configured in web browsers behind the firewall. In this case only proxy requests are expected, and server requests are emitted (assumingparent_proxy
is not set).
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu