• United States
Senior Editor

Web proxies explored, Part 2

Jul 20, 20042 mins

* Necessary components of Web proxies

Last week I shared the Meta Group’s views on the pros and cons of Web proxies. This week, I’d like to relate the analyst firm’s perspective on what a Web proxy should be.

The Web proxy represents a “central choke point” for Web traffic and a potentially vulnerable doorway to the public Internet for hackers, worms, viruses and other security threats, says Senior Research Analyst Peter Firstbrook in a recent Meta report. He details how Web proxy technology can become an adequate Web gateway – in terms of traffic performance and network security – by providing proper policy controls.

“To be considered a Web gateway, the proxy/cache must enforce granular acceptable use and security policy,” he writes.

Web proxy policies can include blocking pop-up ads, identifying browser type and version number, stripping active content, blocking file transfers and creating custom URL filtering categories. Policies can also identify traffic type and set rules for end users. But “it is not sufficient for policy to simply allow or block access,” Firstbrook writes, “granular policies must be user- and group-specific; therefore integration with directory schemes is also necessary.”

Vendors must provide URL filtering and content management to some degree and integration with policy controls to enable products to dynamically refine filters based on established rules and policies. Firstbrook says it is important to combine policy and proxy server rules with URL filtering capabilities.

Anti-virus products for Web gateways should not be viewed separate from e-mail or other anti-virus products, either. Firstbrook writes that the technology should and will most likely be integrated into Web gateway products to catch spyware and control active content, for example. Lastly, the report states Web proxy vendors should support a broad range of cached and proxy protocols to avoid “complex routing schemes and provide a single consistent gateway choke point for applying policy.”

While Firstbrook’s research and analysis finds vendors similar in most areas, Blue Coat comes out on top with the “greatest focus” on policy capabilities and “the best graphical policy editor.” Blue Coat Systems, formerly CacheFlow, tops Microsoft, Cisco and Network Appliance in this category. Microsoft has a graphical editor as well but has fewer policy controls, and Cisco and Network Appliance both currently rely upon command-line or graphical user interfaces to develop policies. Firstbrook expects Network Appliance and Cisco to add to this capability in 2005.