In a forward proxy configuration, the web proxy server is used within a company’s local area network behind a firewall or in the DMZ. Path A in the following figure illustrates that browser users connect to internal and external servers via a proxy server behind a firewall. Usually as a matter of policy, all browsers in the company are configured to go through the proxy server to connect to internal and external web servers. A browser can be configured to bypass the proxy server (path B in the figure), but this probably would go against policy.
The web proxy server might be set up inside the firewall, as in the figure, or in the DMZ. If inside the firewall, the proxy server is configured to route internal HTTP traffic directly to the servers. It does this based on the domain name or IP subnet. If in the DMZ, the browser is configured to route HTTP to the proxy when an Internet server is detected.
Activator can be deployed in a forward proxy environment. While this does not require modifying browsers, adjustments are required for the proxy server.
The proxy server needs to be configured to restrict hosts to Activator domains. It also must be configured to provide direct access to internal web servers.