After configuring upstream proxy settings, you can use a single upstream proxy for all web requests.
Multiple upstream proxies
There are three potential destinations for a web request forwarded to an upstream proxy. These are as follows, in order of precedence:
- A pool of one or more proxies allowed by the upstream proxy policies, to service the request.
- The default proxy, if configured.
- Direct forwarding of requests to their origin servers, if allowed. An origin server is the target destination of a web request, in other words, the server from which a requested resource originates.
Upstream proxy policies are additive. The Smoothwall Filter checks requests against all the policies, in order. Any proxy allowed to service a request is added to the proxy pool. If the final pool for a request contains two or more proxies, load-balancing and fail-over rules decide which one is sent the request.
Note: The rules only apply to requests serviced by the Smoothwall Filter. If a device behind the Filter can obtain direct, unfiltered web access, the client’s requests are treated no differently from other Internet traffic.
Upstream policies
You can configure and deploy policies to manage access to upstream proxies. The policies can allow or deny access to upstream proxies based on network location, direct web requests to a specific upstream proxy depending on the type of request, and provide load balancing and failover.
Policies
By configuring multiple upstream proxy policies, you can balance the web request load across two or more upstream proxies.
Once you've configured policies for the upstream proxies that you need, the Smoothwall Filter compares each web request against the policy table. When each of the proxies can service the request, load balancing and failover rules are used to pick the most suitable proxy. The Smoothwall Filter monitors availability of upstream proxies automatically and avoids forwarding requests to unavailable proxies.
If none of the proxies permitted to service a request are available, the Smoothwall Filter uses the default proxy. If the default proxy isn't available, or if no default proxy is configured, the request is forwarded directly to its origin server.
Enforcing usage
You can prevent web requests from being forwarded directly to their origin servers when other permissible upstream proxies are unavailable, by turning off the Allow direct connections option.
For advanced control of direct connection behavior, you can configure policies using the Default upstream proxy option "None". For example, to prevent only YouTube traffic from being sent directly, select the Allow direct connections option, then create a policy with "None" selected as the Upstream proxy, an Action of "Block", and a destination filter corresponding to the youtube.com domain.
Conversely, to allow direct access only for requests to certain sites, clear the Allow direct connections option and create policies with "None" selected as the Upstream proxy and an Action of "Allow", matching those requests for which direct access is permissible. This might be useful for bandwidth conservation if direct access is routed over a slower link than access to the upstream proxies.
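The following Python model is an added example, not Smoothwall code, for checking how a planned policy table resolves under the precedence described above: proxy pool, then default proxy, then direct forwarding if allowed. The `Policy` and `resolve` names, the handling of "Block" actions on a named proxy, and the "refused" outcome when no destination is left are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Policy:                     # hypothetical model of one policy row
    source: str                   # client network location, as CIDR
    domain: str                   # destination domain suffix, "" matches any
    proxy: Optional[str]          # upstream proxy name, None for the "None" option
    action: str                   # "allow" or "block"

    def matches(self, client: str, host: str) -> bool:
        in_net = ip_address(client) in ip_network(self.source)
        in_dom = (not self.domain or host == self.domain
                  or host.endswith("." + self.domain))
        return in_net and in_dom

def resolve(policies, client, host, available, default=None, allow_direct=True):
    """Return (destination kind, candidate proxies) for one request."""
    pool, direct = [], allow_direct
    for p in policies:                         # all policies are checked, in order
        if not p.matches(client, host):
            continue
        if p.proxy is None:                    # "None" policies adjust direct access
            direct = p.action == "allow"
        elif p.action == "allow" and p.proxy not in pool:
            pool.append(p.proxy)               # additive: allowed proxies join the pool
        elif p.action == "block" and p.proxy in pool:
            pool.remove(p.proxy)               # assumption: Block withdraws the proxy
    live = [x for x in pool if x in available] # unavailable proxies are avoided
    if live:
        return ("pool", live)                  # load balancing chooses among these
    if default is not None and default in available:
        return ("default", [default])
    if direct:
        return ("direct", [])                  # request leaves without an upstream proxy
    return ("refused", [])                     # assumption: nothing left to forward to

# Constructed sample policy table, including the YouTube example from the text.
POLICIES = [
    Policy("10.0.0.0/8", "", "proxy-a", "allow"),
    Policy("10.1.0.0/16", "", "proxy-b", "allow"),
    Policy("0.0.0.0/0", "youtube.com", None, "block"),
]

if __name__ == "__main__":
    for host in ("example.org", "www.youtube.com"):
        print(host, resolve(POLICIES, "10.1.2.3", host, available=set()))
```

Running it with every proxy marked unavailable shows which requests would fall through to direct forwarding, which is the case the Allow direct connections option and "None" policies control.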