A web proxy is essentially an intermediary device sitting between a device and the internet.
A proxy server acts as a middle man for requests from clients (your users’ devices) seeking resources from other servers on the internet. A client connects to the proxy server and requests a service (such as a file, connection, web page, or other resource.) The proxy server then evaluates the request and processes it.
In simpler terms, with a proxy server, your users are not actually connecting to their intended site. Instead, the proxy server is connecting to the site, sends the request, determines whether or not to process the request, and then either processes it or denies it (in the case of a blocked site.)
Proxy and SSL
These days, many websites are enforcing a secure connection by default. These websites use HTTPS instead of HTTP, which protects sensitive information such as login IDs and passwords from being intercepted and misused. Many sites, including Google and YouTube domains, banking sites, email sites, and other sites that hold sensitive information, utilize SSL certificates to ensure a trusted secure connection. SSL certificates add a much needed additional security layer to an unsecured internet, but at the same time, they also inadvertently make web filtering and content monitoring more difficult due to the added security layers.
Proxy servers are able to decrypt SSL data, allowing them to see through the encoding and determine exactly which encrypted websites users accessed.
Proxy and Web Filtering
Using a proxy server guarantees accurate reporting and full web filtering. Without a proxy server, the Web Filter is unable to determine the exact URL details of encrypted sites.
Typically, the Lightspeed Systems Web Filter will be placed in a network in transparent bridge mode. This means that a client will not know the Web Filter is there, and the client’s request will pass through the Web Filter and be inspected on its path directly to the internet. In this setup, if a user accesses a secure HTTPS site, only the domain name (subject) in the SSL certificate will be visible to the Web Filter. Block or allow decisions can only be made based on this domain rather than the full URL. Thus, URL patterns for HTTPS sites may not operate correctly.
When a Web filter is configured to act as a proxy server, the client knows that the Web Filter is there, and makes the request to the proxy server, asking to make a request on its behalf. The proxy server then makes the request to the internet. The proxy server decrypts the request in order to read the full URL. If the proxy server determines that the request should be allowed, it will carry out the request on the client’s behalf over SSL as expected. If the site should be blocked, then the request will be denied and the user will see a block page.
In other words, enabling your Rocket as a Proxy Server allows for the most effective filtering of a variety of HTTPS sites, including all Google domains.
Proxy and Schools
Using a proxy is key to school officials who want to filter encrypted traffic and see full URLs in their reports and to see and block search engine queries.
This particularly pertains to YouTube and Google traffic. Without using a proxy, you will not be able to filter YouTube and Google traffic, your only options will be to either allow all traffic or block all traffic. YouTube and Google sites utilize wildcard certificates in all of their sites. As a result, the Web Filter is only able to see domain data and not subdomain data. Furthermore, you will not be able to see which YouTube or Google sites your users accessed in your Web Filter reports, nor will you see any search term data.
With proxy enabled, you are able to decrypt YouTube and Google encrypted SSL certificates and see URL info for both domains and subdomains. The following examples explain the difference between what Web Filter reports show without a proxy and with a proxy.
- Ex 1: YouTube Video
- Ex 2: Google Domains (mail, docs, drive, classroom, etc.)
- Ex 3: Google Search Terms
|2. Google Docs
|3. Google Search
The difference that proxy makes can be rather substantial. Proxy can help you ensure that your users do not have access to specific YouTube and Google sites that you want to block. Even more importantly, proxy can help you identify exactly what content your users are accessing on YouTube and Google sites. This can be a tremendous help in identifying and stopping potentially inappropriate or even dangerous behavior.
Proxy works with every possible setup and all devices. Different types of proxy work better with different setups. Your network environment and needs will determine which proxy setup will work best for you. You can determine exactly which kind of proxy you should utilize in a transparent bridge mode here.