Web filtering proxies are not able to peer inside secure sockets HTTP
transactions, assuming the chain-of-trust of SSL/TLS has not been
tampered with.
The SSL/TLS chain-of-trust relies on trusted root certificate authorities. In a workplace setting where the client is managed by the organization, trust might be granted to a root certificate whose private key is known to the proxy. Concretely, a root certificate generated by the proxy is installed into the browser CA list by IT staff.
In such situations, proxy analysis of the contents of a SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client's trust of a root certificate the proxy owns.
A translation proxy is a proxy server that is used to localize a website experience for different markets. Traffic from global audiences is routed through the translation proxy to the source website. As visitors browse the proxied site, requests go back to the source site where pages are rendered. Original language content in the response is replaced by translated content as it passes back through the proxy. The translations used in a translation proxy can be either machine translation, human translation, or a combination of machine and human translation. Different translation proxy implementations have different capabilities. Some allow further customization of the source site for local audiences such as excluding source content or substituting source content with original local content.
The SSL/TLS chain-of-trust relies on trusted root certificate authorities. In a workplace setting where the client is managed by the organization, trust might be granted to a root certificate whose private key is known to the proxy. Concretely, a root certificate generated by the proxy is installed into the browser CA list by IT staff.
In such situations, proxy analysis of the contents of a SSL/TLS transaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client's trust of a root certificate the proxy owns.
Caching
A caching proxy server accelerates service requests by retrieving
content saved from a previous request made by the same client or even
other clients. Caching proxies keep local copies of frequently requested
resources, allowing large organizations to significantly reduce their
upstream bandwidth usage and costs, while significantly increasing
performance. Most ISPs and large businesses have a caching proxy.
Caching proxies were the first kind of proxy server. Some poorly
implemented caching proxies have had downsides (e.g., an inability to
use user authentication). Some problems are described in RFC 3143
(Known HTTP Proxy/Caching Problems). Another important use of the proxy
server is to reduce the hardware cost. An organization may have many
systems on the same network or under control of a single server,
prohibiting the possibility of an individual connection to the Internet
for each system. In such a case, the individual systems can be connected
to one proxy server, and the proxy server connected to the main server.
Translation
A translation proxy is a proxy server that is used to localize a website experience for different markets. Traffic from global audiences is routed through the translation proxy to the source website. As visitors browse the proxied site, requests go back to the source site where pages are rendered. Original language content in the response is replaced by translated content as it passes back through the proxy. The translations used in a translation proxy can be either machine translation, human translation, or a combination of machine and human translation. Different translation proxy implementations have different capabilities. Some allow further customization of the source site for local audiences such as excluding source content or substituting source content with original local content.
No comments:
Post a Comment