Cisco Cisco Web Security Appliance S170 Guida Utente
5-14
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 5 Web Proxy Services
Configuring Client Applications to Use the Web Proxy
Configuring Client Applications to Use the Web Proxy
Web browsers and other user agents sometimes need to know how to connect to the Web Proxy in order
to access the World Wide Web. When you deploy the Web Security appliance in explicit forward mode,
you must configure client applications so they use the Web Proxy. If you deploy the appliance in
transparent mode, you can choose whether or not to configure client applications to explicitly use the
Web Proxy.
to access the World Wide Web. When you deploy the Web Security appliance in explicit forward mode,
you must configure client applications so they use the Web Proxy. If you deploy the appliance in
transparent mode, you can choose whether or not to configure client applications to explicitly use the
Web Proxy.
You can configure client applications to explicitly use the Web Proxy by using any of the following
configuration methods:
configuration methods:
•
Manual. Manual configuration involves typing the Web Security appliance hostname and port
number, such as 3128, in each client application. If the appliance changes, you must edit each
application individually. You might want to manually configure an application when you are testing
proxy access on a single client machine. Cisco does not recommend manually configuring each
client application to use the appliance Web Proxy.
number, such as 3128, in each client application. If the appliance changes, you must edit each
application individually. You might want to manually configure an application when you are testing
proxy access on a single client machine. Cisco does not recommend manually configuring each
client application to use the appliance Web Proxy.
•
Proxy auto-config (PAC) file. For web browsers, you can configure each browser to use a PAC file
to find the Web Proxy. Then you can edit the PAC file to specify the appliance Web Proxy
information. For more information, see
to find the Web Proxy. Then you can edit the PAC file to specify the appliance Web Proxy
information. For more information, see
.
For more information about how to configure client applications to use a proxy, see the client application
documentation.
documentation.
Working with PAC Files
A proxy auto-config (PAC) file is a text file that defines how web browsers can automatically choose the
appropriate proxy server for fetching a given URL.
appropriate proxy server for fetching a given URL.
When you use a PAC file, you only need to configure each browser once with the PAC file information.
Then, you can edit the PAC file multiple times to add, delete, or change Web Proxy connection
information without editing each browser. This way you can configure the proxy information about your
network in a centralized location and update it easily.
Then, you can edit the PAC file multiple times to add, delete, or change Web Proxy connection
information without editing each browser. This way you can configure the proxy information about your
network in a centralized location and update it easily.
Note
Once a browser has read a PAC file, it stores it in memory for the remainder of the browser session.
You might want to use a PAC file for the following reasons:
•
Centralized management. You can manage the PAC file in a single, central location.
•
Complex network environment. If the network of proxy servers is complicated, you can create a
PAC file to accommodate different server and client needs.
PAC file to accommodate different server and client needs.
•
Changing network environment. If your network environment is likely to change in the future, you
can easily add, edit, or delete proxy servers in the PAC and have the changes automatically affect all
browsers.
can easily add, edit, or delete proxy servers in the PAC and have the changes automatically affect all
browsers.
•
Failover. If you have multiple proxy servers, you can provide redundancy in case of failure. You can
either program the PAC file to be redundant, or if a failure occurs, change the PAC file to use a
different proxy server.
either program the PAC file to be redundant, or if a failure occurs, change the PAC file to use a
different proxy server.
Note
Different browsers take different amounts of time to fail over to a secondary proxy. For example,
Internet Explorer takes about 25 seconds, and Firefox takes about 50 seconds.
Internet Explorer takes about 25 seconds, and Firefox takes about 50 seconds.