A transparent proxy, versus a traditional proxy, accepts client requests without modifying them in flight. These proxies are considered transparent because they make the client's IP address public within the HTTP request header.
They're also called "forced proxies," since one can covertly install them without user permission or configuration. Both webmasters and Internet Service Providers (ISPs) can implement them as they see fit.
How does a transparent proxy work?
Transparent proxies preserve your client IP address and make no attempts to obfuscate it within the request header. A transparent proxy can intercept requests and make routing decisions, once it identifies and verifies your connection. It does not protect or alter client IP addresses in any way.
Any firewall placed behind a transparent proxy performs filtering without users knowing, though its settings are more readable by malicious software. That said, these proxies require relatively little configuration to work properly (versus a traditional reverse proxy), which is a bonus.
Why are transparent proxies useful?
First, transparent proxies enable functions like content filtering (for website access control) in personal computing, government, academic, and corporate environments. Generally, users will encounter error messages if they attempt to access websites found on the proxy's restricted list. These error messages are customizable and make it more challenging for users to know they're being censored. This is the most common overall use case.
Next, transparent proxies are typically responsible for any authentication-related redirects users experience while trying to access websites. The proxy recognizes attempts to access sensitive information and will ultimately prompt you to verify your identity before proceeding.
Lastly, transparent proxies support web caching. They can intercept client requests to previously visited websites and send any saved data without asking the user to re-download it (or store it locally). This also saves bandwidth—something very important as web applications scale.
Does HAProxy offer transparent proxy functionality?
Yes! HAProxy supports a transparent proxy mode in cases where hiding the client IP address isn't desirable. While establishing a TCP connection to the server, HAProxy can spoof the client IP address and make the server think it's directly communicating with the client itself.
Transparent binding and proxying rely upon an underlying Linux kernel (tuned appropriately) and operating system. Otherwise, HAProxy ALOHA can operate in a selectable transparent mode at Layer 7.
