did i mention i HATE transparent proxies?

, posted: 6-Jun-2008 13:52

this post will contain swearing When i open a connection to [random IP] on port 80, it's because i want to connect to that IP on port 80 -- i don't want to connect to telstra's fucking transparent proxy. I did the DNS look up already, it's to a DNS server that telstra don't have. I don't need telsta's proxy to tell me that it doesn't resolve on the internet .. I don't care about internet DNS. I'm trying to work from home. I'm doing port 80 stuff that aint internet stuff. so FUCK OFF telstra and let me connect to the IP i want to connect to. in summary... FUCK OFF TRANSPARENT PROXIES AND DIE IN A FIRE!

Other related posts:
Draconian copyright law: Section 92 a SCRAPPED
Section 92 - Public Demonstration
will new zealand extend copyright to 80 years after artist death?






Comment by freitasm, on 6-Jun-2008 14:02

OTOH it's wise to not use port 80 unless really it is http traffic, right?


Comment by sleemanj, on 6-Jun-2008 14:12

A-bloody-men to that.  That crappy transparent proxy of TelstraClear has caused me much lost hair in the past.  Unreliable interferring piece of shit it is.


Author's note by taniwha, on 6-Jun-2008 14:31

@freitasm It is http traffic.


Author's note by taniwha, on 6-Jun-2008 14:35

@freistasm i work with http stuff that isn't websites... i some cases it's very unusual http. think of it as http++. I might be testing for behaviour during bad http requests -- or just plain doing unusual things. I work for a telco. Things like SMS, MMS, certificate exchanges, they are port 80 and they're not something the transparent proxy understands. It should fuck off out of my way. and It's none of telstra's business what i do on port 80 to my own servers.


Comment by tonyhughes, on 6-Jun-2008 14:46

Holding back on telling us how you really feel about the situation isn't going to help anyone.

Try opening up, be expressive, maybe even swear a little.


Author's note by taniwha, on 6-Jun-2008 14:49

squeee @ Tony :-)


Comment by xcubed, on 6-Jun-2008 16:11

We had similar issues with Slingshot a while back. The trouble is that these ISPs are implementing the proxies in two parts: the redirection to the proxy, then the proxy itself. (Although really they should keep their mits off HTTP traffic completely. If they want to cache web traffic they should build a CDN or host an Akamai box)

If I send a request to 1.2.3.4 from 5.6.7.8, their firewall discards the 1.2.3.4 replacing it with the IP of the proxy server. This means that the proxy only sees a request from 5.6.7.8 with no idea where it was originally destined to go to (other than parsing the HTTP headers).

If they were smart about how they implemented it, the proxy would not need the redirection in front, so it would see that the original request was destined for 1.2.3.4 and be able to forward it there without having to do any DNS requests.

Alternatively, they should just let customers opt out.

Transparent proxies are a PITA.


Comment by olof, on 6-Jun-2008 17:31

Ok, I work for TelstraClear, so I guess I will be getting flamed now. Kevlar vest on  :-)

Transparent proxies are really a double egded sword. There are only two reasons why we have implemented them in the first place:

1) Improve customer experience
2) Lower international bandwidth costs

Obviously, keeping content close to customers reduces latency and improves performance. However, as we all know, transparent proxies can sometime cause issues. However, in general transparent proxies greatly improves customer HTTP experience. Especially when you as in NZ live at the very edge of the internet with high latencies to the US.

As you can imagine, international bandwidth is one of the primary costs in providing broadband to customers. The ongoing video/media revolution, with YouTube and the likes, is obviously driving bandwidth consumption even further.

And by the way, we do host CDNs. For example, we are hosting Akamai. (And you will notice a huge performance gain when using Akamized content, such as Apple's trailers.)


Comment by insane, on 7-Jun-2008 23:55

if you call up you might find they have provisioned a way to get around it. One of the ISP's I have a connection through allows me to place a '?' eg. http://www.trademe.co.nz?/ at the end of the URL to bypass the proxy. Telstra might do something similar...


Comment by bill, on 30-Jun-2008 08:21

I just figured out that Slingshot are using transparent proxy as OpenDNS was not blocking sites as expected. I thought it was strange that a request to asdgff.dfgdf.dfsg for example was coming back with html code not a dns error or the OpenDNS page. But if I tried asdgff.dfgdf.dfsg:1234 I got to the OpenDNS "site not found". Which NZ ISP don't use transparent proxies? I thought OpenDNS would be a easy and free way to control my son's access to the internet. I guess I going to have to use a commercial piece of software to control what he stumbles across. Cheers Bill


Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and shown in this blog post.

Your name:

Your e-mail:

Your webpage:

taniwha's profile

Wally (Brenda) 
Te Whanganui O Tara
New Zealand