web cache and remote access

[Peter Murray]

Please pardon my late arrival into the discussion...

--On Tuesday, May 30, 2000 1:48 PM -0700 "Bryan H. Davidson" 
<bdavidso at comp.uark.edu> wrote:
> This weekend, they implemented something to the effect of  a "web caching
> server" without any notification. As a result we immediately lost access
> to all of our subscription online resources that authenticate by IP,
> because the server altered the IP number.

I believe this is a new-fangled thing called an "interception proxy". 
Basically, the network infrastructure (routers and switches -- the central 
server in Little Rock in your case) detect when a request passing through 
them looks like a web request and forces it off to a proxy server.  The 
router is "intercepting" the request and 'modifying' it for the user.

Some argue that this is a good thing -- that the bandwidth saved by 
shuffling web requests to a local proxy server outweigh the few problems 
(and there are problems!) that arise.

Others argue that this is a fundamentally bad thing in that it breaks the 
long-standing architectural premise that one node on the Internet 
communicates with another node on the Internet without the network 
infrastructure "getting in the way".  (One could argue that Network Address 
Translation or NAT already does this, but that is another discussion.)

But in your case, the interception proxy has modified the request (by 
changing the IP address) without the client knowing about it, and so bad 
things like what you describe happen.


--On Wednesday, May 31, 2000 11:46 AM -0700 "Bryan H. Davidson" 
<bdavidso at comp.uark.edu> wrote:
> After speaking to some folks in computing services on our end, it seems
> that, even if the caching server was not in place in Little Rock, chances
> are that one's request is being answered by a caching server somewhere
> else on the net anyway, rather than the actual live "source". At least
> that is my understanding?

I don't believe that is the case.  There are many forms of proxy servers 
(some caching, some not), and they are used for many different reasons. 
For instance, there are "reverse proxies" which are used by high-use sites 
such as CNN and IBM.  These work by fooling you, the end user, into 
thinking that you are connecting to the single source of the information 
("cnn.com", for instance).  But in fact "cnn.com" is an array of web 
servers that all look to an internal machine to get their information.  You 
never connect to that internal machine, but rather one of CNN's "proxies".

There are also the traditional use of proxies, where your browser is 
configured to use a single proxy or a series of proxies, either through 
manual configuration or through an Proxy Auto-Config file.

But interception proxies, although they have been available from cisco for 
about five years, are only now beginning to take off, and it is these kinds 
of proxy servers which are causing problems now.  The difference between 
these and other proxies is that services are not transparent to the end 
user (as with "reverse proxies"), nor does the client know about the 
existence of the proxy (as with traditional proxies).


Peter
--
Peter Murray, Computer Services Librarian              W: 860-570-5233
University of Connecticut Law School             Hartford, Connecticut