Even though the NAT technology used in WinRoute enables direct access to the Internet from all local hosts, it contains a standard HTTP proxy server. Under certain conditions the direct access cannot be used or it is inconvenient . The following list describes the most common situations:
To connect from the WinRoute host it is necessary to use the proxy server of your ISP. In this case the Internet cannot be accessed directly.
Proxy server included in WinRoute can forward all queries to so called parent proxy server).
Internet connection is performed via a dial-up and access to certain Web pages is blocked (refer to chapter 6.1). If a direct connection is used, the line will be dialed before the HTTP query could be detected (line is dialed upon a DNS query or upon a client's request demanding connection to a Web server). If a user connects to a forbidden Web page, WinRoute dials the line and blocks access to the page — the line is dialed but the page is not opened.
Proxy server can receive and process clients' queries locally. The line will not be dialed if access to the requested page is forbidden.
WinRoute is deployed within a network with many hosts where proxy server has been used. It would be too complex and time-consuming to re-configure all the hosts.
The Internet connection functionary is kept if proxy server is used — it is not necessary to edit configuration of individual hosts (or only some hosts should be re-configured).
WinRoute may be filtering sites and objects transparently, however it is possible for a Web page to contain a redirect to a non-standard TCP port. In this case the transparent HTTP proxy will not be used. If the browser is configured to use a proxy server then the redirect will continue to be processed through the proxy server.
Note: The Proxy server in WinRoute supports only the HTTP and HTTPS protocols. Use direct access to support traffic using the FTP protocol unless you use a parent proxy server that supports FTP protocol (WinRoute's proxy server can “get” FTP to the parent proxy server).
To configure proxy server parameters open the Proxy server tab in Configuration / Content Filtering / HTTP Policy.
- Enable non-transparent proxy server
This option enables the HTTP proxy server in WinRoute on the port inserted in the Port entry (3128 port is set by the default).
Warning : If you use a port number that is already used by another service or application, WinRoute will accept this port, however, the proxy server will not be able to run and the following report will be logged into the Error log (refer to chapter 13.7):
failed to bind to port 3128: another application is using this port
If you are not sure that the port you intend to use is free, click on the Apply button and check the Error log (check whether the report has or has not been logged) immediately.
- Forward to parent proxy server
Tick this option for WinRoute to forward all queries to the parent proxy server which will be specified by the following data:
Server — DNS name or IP address of parent proxy server and the port on which the server is running (3128 port is used by the default)
Username, Password — username and password for authentication to the parent proxy server.
Through this option you can also set the McAfee antivirus and Cobion Orange Filter so that they can automatically use this proxy server to access the Internet.
Leave the Username and Password entries blank unless your parent proxy server requires authentication.
Note: The name and password for authentication to the parent proxy server is sent with each HTTP request. Only Basic authentication is supported.
- Allow browsers to use...
The Web browsers' parameters at client hosts must be set properly to ensure correct proxy server functionality. These parameters are set automatically on most browsers. The following options are provided if Enable browsers to use configuration script automatically via DHCP server in WinRoute is enabled:
The Microsoft Internet Explorer browser is configured automatically if the DHCP server is used and if the Automatically detect settings option is enabled in the browser settings.
Note: The DHCP server in WinRoute is required by this method of automatic configuration (refer to chapter 4.4).
Other browsers (i.e. Netscape/Mozilla, Opera, etc.) enable definition of URL script for automatic configuration. Here is the appropriate URL:
http://192.168.1.1:3128/pac/proxy.pac
where 192.168.1.1 represents the IP address of the WinRoute host and 3128 represents port of the proxy server (see above).
The Set automatic proxy configuration script to option defines which method will be used for automatic configuration of browsers:
Direct access — browser will not use proxy server
WinRoute proxy server — The proxy server in the browser will be set to the IP address of the WinRoute host and to the port specified in the Port entry (see above).