Proxy servers
Posted by shagarag@reddit | sysadmin | View on Reddit | 19 comments
Curious if anyone is still using proxy servers for outbound web traffic. If so what do you use?
stashtv@reddit
https is more the norm, proxy servers would be considered MITM. Did run a Squid proxy on my local network a few years ago, and it was already low single digit % that was getting cached.
IamHydrogenMike@reddit
I had a neighbor that was kind of a douche to everyone, I was able to figure out his WiFi password and get into his WiFi router pretty easily. I installed DD-WRT onto it and added the squid proxy plugin for it. There was a config you could do that would flip images upside down on webpages, I figured out a way to turn it off and on automatically at different intervals. Drove him absolutely nuts for about 2 weeks.
CrocodileWerewolf@reddit
You realise that’s a crime, right?
Chellhound@reddit
No prosecutor is going to waste time on someone pranking a neighbor's wifi.
Sure, wiser not to, but unless you're a prominent political opponent or having an affair with the DA's spouse, you're fine.
Chellhound@reddit
Good ole upside-down-ternet.
artekau@reddit
SSL decrypt is basically an outbound proxy.
databeestjegdh@reddit
Palo Alto refers to it as Forward Proxy in the configuration
artekau@reddit
Yes, same thing
msalerno1965@reddit
I built a set of three CentOS 7 boxes ... let's see ... well, crap, 9 years ago.
Squid.
WPAD on Apache for windows clients to get a list of things that should or shouldn't be proxied.
A Netscaler load balancer sits in front for the WPAD, and also for dumb clients that can't do WPAD.
For various reasons, certain assets are not reachable from certain locations, but they are always reachable from the proxy servers.
Hardware-wise, the CentOS boxes are single-socket 10-core, with an Intel 10Gbe dual-port NIC. I put VLANs on the bare NICs, and THEN bonded the vlan interfaces, with primary interface on opposite NIC ports. This makes it possible to push/pull 10Gbe at the same time. It goes in one interface, back out the other.
We recently upgraded the edge routers, so our dual 5Gbps connections were finally able to push it, and ...
A single proxy server is able to push 6Gbps in/out a single 5Gbps connection. And they regularly see a few thousand users at any given moment.
For comparison, I have a brand-new A10, Mellanox 100Gbe cards, OEM Dell hardware, and it can only get to about 3Gbps as a proxy server. I am disappoint.
Yes, proxies are a pain sometimes. But a carefully crafted WPAD and a load balancer make it all work. And it is very useful in a lot of weird situations.
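A sketch of the kind of PAC file a WPAD server hands to clients to decide what is and isn't proxied, as described in the comment above. This is an added example, not the commenter's configuration; the proxy address, the domain lists and the helper function names are all constructed assumptions.

```javascript
// PAC file of the kind served as wpad.dat (added example, not from the thread).
// Every hostname, domain and the proxy address below is a constructed placeholder.
var PROXY = "PROXY proxy.example.internal:3128"; // assumed load-balancer VIP

// Destinations that should not be proxied (constructed list).
var DIRECT_DOMAINS = [".corp.example.internal", ".mgmt.example.internal"];
// Destinations only reachable from the proxy servers (constructed list).
var FORCE_PROXY_DOMAINS = [".partner.example.com"];

// True when host is the domain itself or a subdomain of it. The leading dot
// forces a label boundary, so "evilcorp.example.internal" does not match
// ".corp.example.internal" and cannot slip onto the bypass list.
function hostInDomain(host, domain) {
  var bare = domain.replace(/^\./, "");
  return host === bare || host.slice(-domain.length) === domain;
}

function matchesAny(host, domains) {
  for (var i = 0; i < domains.length; i++) {
    if (hostInDomain(host, domains[i])) return true;
  }
  return false;
}

// True for RFC 1918 and loopback IPv4 literals.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point the client calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (matchesAny(host, FORCE_PROXY_DOMAINS)) return PROXY;
  if (host.indexOf(".") === -1) return "DIRECT"; // plain intranet names
  if (isPrivateIPv4(host) || matchesAny(host, DIRECT_DOMAINS)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // closed instead of leaving the network unfiltered.
  return PROXY;
}
```

Whether to fail closed or append a DIRECT fallback is a policy choice; the version above assumes outbound filtering matters more than availability.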
Hoosier_Farmer_@reddit
the backbone network of both the #1 and #2 largest cable internet providers in the USA both use Squid.
source: I worked on squid at both.
RandomThrowAways0@reddit
Most of the world is moving over to SWG technologies, which are essentially fancy proxies under the hood - ZScaler, Netskope, Prisma access, etc.
raip@reddit
Yeah, it's a little more advanced than just a simple proxy but we use Zscaler for about 150k users. Came about during C19 when we needed to provide protections to our remote users without back hauling all of that Internet traffic through our VPN. Pretty happy with it.
Danny-117@reddit
In Australia, at least in government, it’s an ISM control that all web traffic is sent through a web proxy. If you want to meet compliance then you have to use one.
h8mac4life@reddit
I have a huge pen15
falling_away_again@reddit
Wingate. But hope to phase that out soon
shagarag@reddit (OP)
I'll check it out. Thanks. Do you plan to use something else or just allow direct access?
shagarag@reddit (OP)
Guess I should add that I'm particularly interested in using it for servers. Thanks for the replies.
ofd227@reddit
No. I switched to roaming DNS filter clients
Hollow3ddd@reddit
DNS filter