Using a paid service as a global http proxy

Emmert
Valued Contributor

Hi all,

we've been trying to figure out a good global http proxy solution for a while, and I came across this article today where someone's using a third-party paid app called "Weblock" as their global http proxy.

Obviously the price of $1.99 is nice, although I believe I'd need to buy a license for all of my devices if I wanted to use this in a large scale.

How viable is this? The other option we could do is to set up a brand-new proxy server. It looks like the commercial ones run about $4 per user, and the free ones look difficult to use.

Has anyone set up a free global http proxy server from scratch with any success?

5 REPLIES 5

stoneacheck
New Contributor III

We use Smoothwall, but it is definitely not free. It replaced our firewall/local filter and global proxy for iPads. Their support is pretty good, getting all the kinks worked out did take some time but I think that's gonna be the case with any filter/firewall vendor change.

Previously used Lightspeed, which wasn't terrible, but Smoothwall seems to be more flexible.

Emmert
Valued Contributor

After digging into this a little bit, it looks like that global HTTP setting can just be configured with a little bit of Javascript. I think we're probably just going to host our own and point the iPads at that.

The code that Weblock uses is very similar to what's in the Wikipedia article on proxy auto-config.

stoneacheck
New Contributor III

Yeah the pac file is the easy part, Smoothwall built ours for us. It wasn't clear if you already have a local firewall/filter/proxy already in place or not but you'll need one to point that pac file towards.

If you decide to put an open source proxy together I'd just caution please please document the crap out of the process you build it yourself and make sure it works really really well before implementing it. Imagine a worst case scenario that whatever you throw this on dies during a testing day or something similarly critical, and no iPads can access the Internet because you've forced them to go through a proxy that doesn't exist at the moment for whatever reason. Oh yeah, and you're on vacation or you took a promotion somewhere else and the team trying to figure it out is stuck with a pile of iPads that can't get online, talk to Casper, etc.

That's the biggest benefit of paying for critical services - its stable, consistently updated, and there's an 800 number and people who are highly skilled at helping when shit hits the fan.

For what its worth our mobile proxy gets about 6,800 requests/minute and median service time is about .2 seconds for roughly 1,200 iPads on a 1Gb/s Comcast line.

Emmert
Valued Contributor

I think we're leaning towards using no real proxy, and instead a manual blacklist. Here's what I came up with this afternoon after looking at other examples:

function FindProxyForURL(url, host) {
if (dnsDomainIs(host, ".badsite1.com")
  ||dnsDomainIs(host, ".badsite2.com")) {
return "PROXY 8.8.8.8:53";
}
else {
return "DIRECT";
}
}

Apparently there's another district in the area doing it this way and our Apple state-wide rep suggested this yesterday.

CasperSally
Valued Contributor II

We're a happy iboss user. I can't imagine in a million years trying to manage a black or white list.