Working with Proxy Servers


A proxy server acts as an intermediary between your computer and the Internet. It is most frequently used when there is a corporate intranet and users are connected to a LAN. It can also work with a firewall to provide a security barrier between your internal network and the Internet. In addition, corporate administrators can balance proxy loads and block undesirable sites. Proxy servers are becoming more advanced in their ability to reduce network traffic by caching content that is frequently requested by the browsers they serve.

A key benefit of Internet Explorer 5 is that users can have multiple connection configurations. Proxy and other LAN settings can be altered for each connection configuration, and a friendly name can be assigned to each configuration - for example, "docking station."

The following section covers two key issues that you should consider if your organization uses proxy servers:

  • Configuring proxy port settings

  • Configuring proxy bypass lists

Proxy Configuration (Corporate Administrators and ISPs)

Corporate administrators and ISPs can preset proxy server settings by entering the settings in Stage 4 of the Internet Explorer Customization wizard. The following illustration shows the Proxy Settings screen.

[Illustration: Proxy Settings screen of the Customization wizard]

These settings in the Customization wizard correspond to proxy settings in the browser. To see these settings in the browser, click the Tools menu, and then click Internet Options. Click the Connections tab, and then click LAN Settings. To see addresses of specific proxy servers, click Advanced.

Selecting the Use the same proxy server for all protocols check box in the browser or the Use the same proxy server for all addresses check box in the Customization wizard makes all the other entries unavailable and copies the proxy information in the HTTP setting into the other protocol settings. Selecting the check box also hides the information in the Socks setting.

The Secure setting is for HTTPS requests based on the Secure Sockets Layer (SSL) technology.

Proxy locations that do not begin with a protocol (such as http:// or ftp://) are assumed to be a CERN-type HTTP proxy. For example, when the user types proxy, it's treated the same as if the user typed https://proxy. For FTP gateways, such as the TIS FTP gateway, the proxy should be listed with the ftp:// in front of the proxy name. For example, an FTP gateway for an FTP proxy would have this format:

ftp://ftpproxy

When you enter proxy settings, use the following syntax, where <address> is the Web address of the proxy server and <port> is the port number assigned to the proxy server:

https://<address>:<port>

For example, if the address of the proxy server is proxy.example.microsoft.com and the port number is 80, the setting in the Proxy Server box for LAN settings in the Proxy Settings dialog box or the Proxy Settings screen of the Customization wizard should read as follows:

https://proxy.example.microsoft.com:80

Note If you are using the Internet Protocol (IP) address of your proxy server, make sure not to type leading zeros. For example, use 130.25.0.1 instead of 130.025.000.001.

Key proxy registry settings are as follows:

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\
Internet Settings\
"ProxyEnable"="01 00 00 00"
"ProxyServer"="data"
"ProxyOverride"="local"

The proxy bypass list in the Exceptions area of the Proxy Settings dialog box allows users to specify addresses that will bypass the proxy server and be accessed directly.

Corporate administrators can also preset proxy settings or manage proxy settings by using an automatic proxy configuration file in .js, .jvs, or .pac format. For more information about automatic proxy configuration, see Chapter 21, "Using Automatic Configuration and Automatic Proxy."

Using the Proxy Bypass List

Some network requests need to bypass the proxy. The most common reason to bypass the proxy is for local (intranet) addresses. Generally, these addresses do not contain periods in them. By selecting the Bypass proxy server for local (intranet) addresses check box, all addresses without a period (for example, https://compserv) will bypass the proxy and be resolved directly.

To bypass more complex addresses, you can set up exceptions for specific addresses or wildcards. If you are configuring settings by using the Customization wizard, enter the addresses into the Do not use proxy server for addresses beginning with check box in the Exceptions area of the Proxy Settings dialog box. If you are configuring proxy settings on a user's computer after deployment, click the Tools menu, and then click Internet Options. Click the Connections tab, click LAN Settings, and then click Advanced. Enter the addresses into the Do not use proxy server for addresses beginning with check box in the Exceptions area. Use a semicolon (;) between entries in the Customization wizard and in the browser.

A proxy bypass entry may begin with a protocol type: http://, https://, ftp://, or gopher://. If a protocol type is used, the exception entry applies only to requests for that protocol. Note that the protocol value is case insensitive. Multiple entries should be separated by semicolons.

If no protocol is specified, any request using the address will be bypassed. If a protocol is specified, requests with the address will be bypassed only if they are of the indicated protocol type. As with the protocol type, address entries are case insensitive. If a port number is given, the request is processed only if all previous requirements are met and the request uses the specified port number.

The Exceptions area of the Proxy Settings dialog box allows a wildcard ( * ) to be used in the place of zero or more characters. The following list contains examples showing how to use wildcards:

  • To bypass servers, enter a wildcard at the beginning of an Internet address, IP address, or domain name with a common ending. For example, use *.example.com to bypass any entries ending in .example.com (such as some.example.com and www.example.com).

  • To bypass servers, enter a wildcard in the middle of an Internet address, IP address, or domain name with a common beginning and ending. For example, the entry www.*.com matches any entry that starts with www and ends with com.

  • To bypass servers, enter a wildcard at the ending of an Internet address, IP address, or domain name with a common beginning. For example, use www.microsoft.* to bypass any entries that begin with www.microsoft. (such as www.microsoft.com, www.microsoft.org, and www.microsoftcorporation.com).

  • To bypass addresses with similar patterns, use multiple wildcards. For example, use 123.1*.66.* to bypass addresses such as 123.144.66.12, 123.133.66.15, and 123.187.66.13.

Although wildcards are powerful, they must be used carefully. For example, the entry www.*.com causes Internet Explorer to bypass the proxy for most Web sites.

If you need to bypass the proxy for a local domain, try using *.domain.com. This will not use the proxy for any computer name ending in .domain.com. You can use the wildcard for any part of the name.
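
The matching rules described in this section, modeled in Python as an added example (not code from the original documentation or from Internet Explorer): it parses a bypass list and flags entries whose wildcards also match hosts outside the intranet, which would then skip the proxy. It assumes an anchored match on the host name; the function names, the sample list, and the probe hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}

def parse_bypass_list(raw):
    """Parse a semicolon-separated exceptions string into match rules."""
    rules = []
    for item in (part.strip() for part in raw.split(";")):
        if not item:
            continue
        scheme, sep, rest = item.partition("://")
        if not sep:                       # no protocol: applies to every protocol
            scheme, rest = None, item
        host, _, port = rest.partition(":")
        # '*' stands for zero or more characters; all other characters are literal
        pattern = ".*".join(re.escape(piece) for piece in host.split("*"))
        rules.append({"text": item,
                      "scheme": scheme.lower() if scheme else None,
                      "host": re.compile(pattern, re.IGNORECASE),
                      "port": int(port) if port.isdigit() else None})
    return rules

def bypasses_proxy(url, rules, bypass_local=False):
    """True if a request for url would go direct instead of through the proxy."""
    parts = urlsplit(url)                 # lowercases the scheme and host name
    host = parts.hostname or ""
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if bypass_local and host and "." not in host:   # "local (intranet)" check box
        return True
    return any(r["scheme"] in (None, parts.scheme)
               and r["host"].fullmatch(host) is not None
               and r["port"] in (None, port)
               for r in rules)

def overbroad_entries(raw, internal_suffixes, probe_hosts):
    """Return (entry, hits) for entries matching hosts outside internal_suffixes."""
    flagged = []
    for rule in parse_bypass_list(raw):
        hits = [h for h in probe_hosts
                if rule["host"].fullmatch(h) and not h.endswith(tuple(internal_suffixes))]
        if hits:
            flagged.append((rule["text"], hits))
    return flagged

# Constructed sample data (not from the page)
SAMPLE = "*.example.com; www.*.com; ftp://ftpsrv:21; 123.1*.66.*"
PROBES = ["some.example.com", "www.example.com", "www.contoso.com", "intranet"]

if __name__ == "__main__":
    for entry, hits in overbroad_entries(SAMPLE, [".example.com"], PROBES):
        print(f"{entry!r} sends external hosts direct: {hits}")
```

Run against a deployed exceptions string, the flagged entries are the ones to tighten before the list is pushed to users.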

Using FTP with CERN-Compliant Proxy Servers

Users can access FTP sites through a CERN-compliant proxy server. To access an FTP site, users would type the Internet address (URL) for the FTP site they want to connect to, as shown in the following example:

ftp://ftp.microsoft.com

If the site requires a user name and password, users also need to include that information in the address:

ftp://username:password@ftp.microsoft.com

If your system uses a CERN proxy server, users can only download files from and view files at FTP sites. To enable users to perform other services, such as uploading files, you need to provide another proxy solution.
