Re: persistant connections and proxies

> Netscape browsers don't send "Connection: keep-alive" to proxies.  I beleive
> what you are describing is not a proxy, but actually a gateway.  In other
> words, if the client doesn't know it's a proxy, it's not a proxy.

The http-gw in the firewall toolkit, understands several modes of operation
that allow non proxy aware browsers to be used. The first method is to
pre-pend the URL with


In this case the client does not know that it is talking through a proxy. This
mode of use does require the http-gw to re-write all html that is passed back
to add in the prepend. This mode of use is now discouraged...

> The issue of what is appropriate behavior for a "server-side proxy" (AKA
> not-a-proxy-gateway) has been discussed before with regards to other topics,
> and I remember Roy Fielding's opinion was that it was not HTTP's
> problem/jurisdiction.  I don't know if Roy or the rest of the group still
> feels that way.
> >Clients configured with proxy handoffs don't normally have problems since 
> >the proxy persistant connection attempt by the client is ignored by the 
> >server.
> This doesn't make any sense to me.  When talking to a proxy, the persistent
> connection attempt isn't "ignored by the server", rather it's never sent by
> the client.

The Gauntlet Internet Firewall (our comercial product) has a transparency 
mode where the client routes a connection through the firewall as if it was
a router and the firewall 'absorbs' the connection starting up the proxy in
the normal way and then makes the onward connection to the original destination.

again the client does NOT know that it is talking via a proxy. We have several
customers who's initial reaction to having a firewall installed was that they
didn't want to have to have all their users change their client setup and 
this transparent mode gives them mostly what they want although we do 
recommend that they setup their proxy variables in the client.

> -----
> Daniel DuBois, Software Animal          

Both the prepend and transparent modes are also used when the http-gw is
proxying gopher requests but there isn't a persistant Gopher protocol as far
as I know.


The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850

Received on Tuesday, 28 May 1996 15:58:23 UTC