TightGate-Pro can work with multiple proxies. The following overview explains the configuration.
Menu item | Description |
---|---|
HTTP Proxy (external)* | IPv4 address(es) of the HTTP proxy server(s) through which all HTTP access to the Internet is routed. The port must be the same for all registered HTTP proxy servers and is specified in a separate menu option. If several servers are entered, they are addressed automatically, either by the round-robin procedure or in a defined order. Access is weighted according to access speed, and unavailable servers are skipped automatically. Caution: In most cases the proxy servers in the network are entered here with an explicit IPv4 address. In the exceptional case that resolvable DNS names are entered instead, the network concerned must be specified exactly in the menu item HTTP Proxy Network. In addition, a DNS server that can resolve the proxy name must be entered. Otherwise a correct connection to the respective proxy servers is not possible. |
HTTP Proxy Order (external)* | If several proxy servers have been entered, this option specifies the selection procedure. The round-robin procedure and addressing in a defined order are available. Hint: If only one proxy server is entered, this menu option is not displayed. |
HTTP Proxy Port (external)* | Specifies the port to be used for contact with the HTTP proxy servers entered. The setting must be the same for all referenced HTTP proxy servers. |
HTTP Proxy Network (external)* | If a resolvable DNS name is entered as the proxy server, the system requires the IPv4 addresses behind it. They must be specified in the form [IP address/Valid Bits]. |
HTTP Proxy SSL/https (ext)* | Select whether the proxies are addressed via HTTPS or HTTP. |
HTTP Proxy Login (ext) | If the proxy logon requires a user authentication with user name and password, the user name can be stored here. |
HTTP Proxy Password (ext)* | If the proxy logon requires a user authentication with user name and password, the password can be stored here. |
Enable HTTP Pipelining* | HTTP Pipelining is a technique in which multiple HTTP requests are passed to a single socket without waiting for a response. Especially for connections with high latency, this can mean a significant reduction in page load times. Disabling can help if loading HTTPS pages repeatedly hangs over the uplink proxy. |
Via the menu item Proxy > Proxy exceptions you can set IPv4 addresses or URLs of websites that should not be routed via the external proxy. The exceptions are set in the browser settings of the TightGate-Pro users each time they log in.
Attention: All proxy exceptions entered here must also be entered in the menu under Network > HTTP Server.
In addition to the display of content from the Internet, TightGate-Pro also offers the possibility of content control and restriction of Internet use. The web filter of TightGate-Pro works as a forced proxy and filters the data retrieved from the Internet according to definable criteria. The following categories are taken into account:
The web filter works in a similar way to a malware filter. There are predefined lists of unwanted content (blacklists) that are assigned to different categories. If the web filter is active and categories are selected as unwanted content, TightGate-Pro forwards each request for a website to the internal web filter for checking. The filter checks whether the page is on a blacklist of unwanted content. If it is, the web filter displays a notice that access to the page has been blocked instead of the content of the page. The admissibility check follows the principle "whitelist before blacklist": if a domain or URL is on the whitelist in the system, access is always permitted.
Limits of the web filter: A content filter is only as accurate as its lists. These have a limited scope and require regular maintenance. m-privacy GmbH offers two different lists, which are maintained by third parties. m-privacy GmbH therefore assumes no liability for the completeness and content of the lists.
Excursus on the web filtering of HTTPS-encrypted pages
In the course of web filtering, HTTPS connections can be broken open on TightGate-Pro. This is the only way to ensure URL-accurate filtering of the retrieved web content for HTTPS access as well. If the proxy filter integrated in TightGate-Pro is not to break open HTTPS connections, only domain-based filtering of the encrypted web content is possible.
Attention: We recommend that you consult the relevant data protection officer or IT security officer before activating the feature.
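The following added example (not TightGate-Pro code) models the "whitelist before blacklist" rule and the difference between URL-accurate and domain-based filtering described above. The list format, the sample entries, the category names and the functions `matches` and `decide` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample lists (assumed format, not TightGate-Pro data): an entry
# is a domain ("example.net") or a URL prefix ("example.com/path/").
WHITELIST = {"partner.bets.example.net", "tracker.example.com/optout/"}
BLACKLIST = {
    "gambling": {"bets.example.net"},
    "tracking": {"tracker.example.com"},
    "malware": {"news.example.com/ads/"},
}

def matches(entry, host, path):
    """True if a list entry applies to what the filter can see of a request."""
    if "/" not in entry:  # domain entry: the host itself or any subdomain
        return host == entry or host.endswith("." + entry)
    if path is None:  # URL entry, but only the host name is visible
        return False
    return (host + path).startswith(entry)

def decide(url, tls_intercepted, blocked_categories):
    """Return the filter verdict for one request (hypothetical model)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # For HTTPS that is not broken open, the proxy sees only the host name.
    path_visible = parts.scheme == "http" or tls_intercepted
    path = (parts.path or "/") if path_visible else None
    # Whitelist before blacklist: a whitelist hit always permits access.
    if any(matches(e, host, path) for e in WHITELIST):
        return "allow (whitelist)"
    # Only categories selected as unwanted content are checked.
    for category in blocked_categories:
        if any(matches(e, host, path) for e in BLACKLIST.get(category, ())):
            return f"block ({category})"
    return "allow (not listed)"

if __name__ == "__main__":
    selected = ["gambling", "tracking", "malware"]
    for url in ("https://news.example.com/ads/banner.js",
                "https://tracker.example.com/optout/form",
                "https://partner.bets.example.net/"):
        for intercepted in (True, False):
            print(url, intercepted, decide(url, intercepted, selected))
```

In this model, URL-level entries on either list stop matching for HTTPS once connections are no longer broken open, so a URL-level whitelist exception no longer overrides a domain-level block.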
To turn on and configure the web filter, follow these steps:
How to do it:
In addition to using the central white and black lists, TightGate-Pro can be extended with individual settings. This makes it possible to add individual domains and URLs to your own blacklists and whitelists.
This is required: → Activated proxy filter (web filter) → Assignment of users to the filtered Web
How to do it:
TightGate-Pro provides the ability to bypass content control for individual users. The bypass of the content filter for individual users or groups is configured by the administrator maint under the menu item User Administration > Filtered Web.
Hint: If a user has unfiltered access to the Web, no content control is performed for this user. When a user switches from filtered to unfiltered web (or vice versa), he or she must log on to TightGate-Pro again for the setting to become active. A restart of the browser is not sufficient.
TightGate-Pro provides the ability to log users' web access. To protect data privacy, anonymization and pseudonymization functions are already applied during logging.
How to do it: