About upstream proxy policies

You can configure and deploy policies to manage access to upstream proxies. The policies can allow or deny access to upstream proxies based on network location, direct web requests to a specific upstream proxy depending on the type of request, and provide load balancing and failover.

Policies

By configuring multiple upstream proxy policies, you can balance the web request load across two or more upstream proxies.

Once you've configured policies for the upstream proxies that you need, the Smoothwall Filter compares each web request against the policy table to determine which of the proxies can service the request, then uses load balancing and failover rules to pick the most suitable proxy. The Smoothwall Filter monitors the availability of upstream proxies automatically and avoids forwarding requests to unavailable proxies.

If none of the proxies permitted to service a request are available, the Smoothwall Filter uses the default proxy. If the default proxy isn't available, or if no default proxy is configured, the request is forwarded directly to its origin server.

Enforcing usage

You can prevent web requests from being forwarded directly to their origin servers when other permissible upstream proxies are unavailable, by turning off the Allow direct connections option.

For advanced control of direct connection behavior, you can configure policies using the Default upstream proxy option "None". For example, to prevent only YouTube traffic from being sent directly, select the Allow direct connections option, then create a policy with "None" selected as the Upstream proxy, an Action of "Block", and a destination filter corresponding to the youtube.com domain.

Conversely, to allow direct access only for requests to certain sites, clear the Allow direct connections option and create policies with "None" selected as the Upstream proxy and an Action of "Allow", matching those requests for which direct access is permissible. This might be useful for bandwidth conservation if direct access is routed over a slower link than access to the upstream proxies.
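
The fallback order described above (permitted proxies, then the default proxy, then a direct connection) can be modeled to check which destinations would bypass the upstream proxies during an outage. This is an added example, not Smoothwall code: the proxy names, the NO_ROUTE label, the suffix-based destination match, first-in-list selection in place of load balancing, and Block taking precedence over Allow are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    upstream: Optional[str]  # proxy name; None models the "None" upstream proxy option
    action: str              # "Allow" or "Block"
    dest: str = ""           # destination domain filter; "" matches every request

    def matches(self, host: str) -> bool:
        return not self.dest or host == self.dest or host.endswith("." + self.dest)

def route(host, policies, available, default_proxy, allow_direct):
    """Return the chosen proxy name, "DIRECT", or "NO_ROUTE" (assumed label)."""
    hits = [p for p in policies if p.matches(host)]
    # 1. Proxies permitted to service the request that are currently available.
    denied = {p.upstream for p in hits if p.upstream and p.action == "Block"}
    live = [p.upstream for p in hits
            if p.upstream and p.action == "Allow"
            and p.upstream not in denied and p.upstream in available]
    if live:
        return live[0]  # stand-in for the product's load balancing choice
    # 2. Default proxy, if one is configured and available.
    if default_proxy and default_proxy in available:
        return default_proxy
    # 3. Direct: "None" policies override the global option (Block assumed to win).
    direct = [p.action for p in hits if p.upstream is None]
    if "Block" in direct:
        return "NO_ROUTE"
    if "Allow" in direct or allow_direct:
        return "DIRECT"
    return "NO_ROUTE"

# Constructed sample configuration (hypothetical proxy names and domains).
POLICIES = [
    Policy("proxy-a", "Allow"),
    Policy("proxy-b", "Allow"),
    Policy(None, "Block", "youtube.com"),
    Policy(None, "Allow", "intranet.example"),
]

def outage_report(hosts, allow_direct):
    """Outcome per host when every upstream proxy, including the default, is down."""
    return {h: route(h, POLICIES, set(), "proxy-d", allow_direct) for h in hosts}

if __name__ == "__main__":
    sample = ["example.org", "www.youtube.com", "intranet.example"]
    for flag in (True, False):
        print("Allow direct connections =", flag, outage_report(sample, flag))
```

With Allow direct connections selected, every host in the report that shows DIRECT leaves the network without passing through an upstream proxy during the outage.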