AFNOG 2001 Workshop Series
Client Configuration for Proxy Server Use
Once you have your proxy server working, then it's time to understand how you can configure clients to use your proxy server. Generally this involves setting up Netscape or Microsoft Internet Explorer to point them to the correct proxy server on your network. You can, also, setup both or either client to use your Proxy server for secure services and for FTP transactions.
How you do this looks a bit different in Netscape and Microsoft Internet Explore (MSIE)r, and it looks different across versions of Wiindows and your Browser. This document shows you how to do this using Netscape 4.x and IE 5 under Windows 9x/ME/2K/NT.
Starting with MSIE 5 the way proxy servers are used by defaultchanged quite a bit. It's important to understand this because Microsoft's model can actually cause problems depending on how your network is configured. Take a look at the following discussion of Microsoft Internet Explorer and proxy servers for more information.
Setting Up a Proxy Server in Netscape 4.x
[Proxy setup for MSIE is here]
Follow the steps in the following pictures to get Netscape 4.x setup to use your local proxy server.
1.) Open the preferences menu in Netscape.
2.) This is what the proxy settings look like by default.
3.) This is what you need to choose. Note, if you have configured your proxy server with an autoconf.pac file, then you can fill in the Automatic proxy configuration box with this information. In the case of our local proxy server named cache.uct.ac.za you would fill in the following:
http://cache.uct.ac.za/autoconf.pac
Since this is not the case for now follow the steps below. Check the "Manual proxy configuration radio button and then click the "View..." button.
4.) In the View dialogue box you can set the specifics for proxy services at your location. Note that Microsoft Internet Explorer will automatically fill in HTTP, Secure (SSL), FTP, Gopher, and WAIS with the same information as you use for HTTP. Also note that the other two most likely services that will get use out of a proxy server are Security (SSL) and FTP. In the case of FTP this will allow Netscape to properly format directory listings, and for both Netscape and MSIE proxy for FTP provides mime types for files and associated icons as well as caching of directories to speed up navigation.
Once you fill in these fields as you want them try experimenting to see if proxy services are working for you. Remember to click "OK" until you are out of the preferences dialogue so that these settings can take affect. Here are two things you can try:
Setting Up a Proxy Server in Microsoft Internet Explorer 5.x
To setup a proxy server for MSIE 5 you access the setup screen in two ways. One method is to open the Internet Options Control Panel and the other is to get to the Control Panel via the Tools menu in the MSIE browser. Both are acceptable and both are shown below.
Internet Options Control Panel
Internet Options Control Panel via MSIE 5 Tools Menu
At this point you have arrived at the main screen for the Internet Options Control Panel, but using two different methods. Here is, more or less, what it looks like.
To setup proxy services for MSIE 5 follow the steps listed below.
1.) Click on the Connections tab in the Internet Options Controls Panel. Once in this screen click on the "Lan Settings..." button.
2.) After you click on "LAN Settings..." this is what you will see if you have not configured anything. Note that the greyed out text in the "Proxy server" section would not be present if you have never configured a server. This setting is really quite misleading. What it means is that MSIE 5 is looking for a machine called "wpad.domain" - This can actually cause problems. Please read the accompanying document, "Proxy Servers, Auto Discovery, and IE 5" for complete details about this.
3.) If you have configured your proxy server with an autoconf.pac file, then you can fill in the Automatic proxy configuration box with this information. In the case of our local proxy server named cache.uct.ac.za you would fill in the following:
http://cache.uct.ac.za/autoconf.pac
Since this is not the case for now follow the steps below. Uncheck the "Use automatic configuration script" button if you have checked it. Also, uncheck the "Automatically detect settings" button as well for our current configuration. Now go to step 4.
4.) Using the proxy server as configured on our local network you would add in either "http://cache.uct.ac.za" or "cache.uct.ac.za" in the "Address:" box - either will work. In the "Port:" box use 8080. Note that you can bypass the proxy server for local addresses if you wish. Now click on the "Advanced..." button to see the next screen.
5.) Generally you will not need to make changes here, but it is interesting to note that MSIE 5 fills in all possible client services with the same proxy information by default. This is generally OK, however if you did not want something like "Secure" (SSL) transactions to go through your proxy server, then you might need to have your clients (your users) manually remove the Secure proxy configuration information. Note, however, that you should be able to get around this by configuring your proxy server to simply direct secure traffic to go DIRECT.
Once finished with this click "OK" until all the Internet Options Control Panel dialogues are closed. Unlike Netscape, you will need to restart MSIE in order for these changes to take affect.
Remember, if you do decide to cache user information for SSL connections, then you will have things like your user's credit card information sitting on our proxy server. This is sensitive information and you may wish to be sure that you configure your proxy server not to cache such things. Also, be sure you read the "Proxy Servers, Auto Discovery, and IE 5" document. If you follow through on this you should realize that a malicious user could, in theory, bring up wpad.yourdomain on your network. Since MSIE 5 uses this by default and since use Secure (SSL) is configured by default, then they could capture credit card information, etc. on this server. Thus, having wpad.yourdomain reserved, and possibly setup is a good idea. Also, without wpad.yourdomain proxy services setup on your network, then your MSIE 5 clients are going to see an initial delay connecting to their first Web site each time the use MSIE 5 because the program must first attempt to find the server via various mechanisms. An expired version of the draft for wpad is available here.