inline/transparent proxy with custom upstream proxy rules

[Sub Contact]

Hi Everyone,

I'm struggling to understand how to make use of the many proxy libraries out there (EG node-http-proxy) to setup a transparent/inline/intercepting proxy that would run on a network gateway.

The purpose of the proxy is to determine which upstream proxy (or none) the request should go via. Some upstream proxies will need basic auth (details to be supplied by the proxy app).

It would essentially follow similar behaviour to an auto proxy pac configuration except that it's inline and the authentication is supplied directly.

We need to do this because we are testing thick client apps (EG Android) that are not forward proxy aware and the network requires different upstream proxies depending on the domain.

I think I've confused myself by reading too much and am unsure of which libraries can do this. EG node-http-proxy seems to work as a forward proxy but I need a transparent/inline proxy.

Also examples for upstream proxies always seem to specify one proxy but I would need to determine the proxy at runtime based on the domain name.

This would of course need to work for both http and https - I have no need to inspect the body of the request/response and would want to tunnel the secure requests as is and not use separate certificates.

I'd appreciate some basic pointers as I just haven't understood how to do this.

Client --------> Gateway + iptable rules + nodejs inline proxy (http / https) app -----------> direct, via proxy1 (with app supplied basic auth), via proxy2 (with separate app supplied basic auth) depending on domain name (like proxy.pac behaviour)

Thanks!