Поделиться через


SOCKS Proxies in Internet Explorer

We recently had a report over on the IEBlog that SOCKS proxies are not supported by IE9 Beta. That observation is correct, and a regression from prior versions of Internet Explorer; IE9 Beta simply ignores the SOCKS proxy if one is specified in the Internet Control panel.

Update: This regression, introduced in IE9 Beta, was fixed in the IE9 Release Candidate.

Outside of this regression, WinINET (and thus IE) only supports sending traffic to a SOCKS proxy via the v4 protocol. One major shortcoming of v4 of the protocol (remediated in version 4a, not supported in any version of IE) is that the v4 protocol requires that the client send the target IP address of the remote site in its request to the proxy. That limitation means that the client computer must have a working DNS resolver. It also means that even if SOCKS is being used to route traffic to the proxy over a secured connection (e.g. SSH), the client will perform DNS requests from its local, unsecured network connection. This may also pose a privacy threat if the client is using SOCKS to connect to the TOR network (since DNS queries will be performed outside of the TOR protocol).

To date, we’ve heard very little feedback about the limited support for SOCKS in IE. Most users are satisfied with the existing CERN-proxy support for HTTP/HTTPS/FTP traffic, and for cases where full socket proxying is required, VPN or RAS software is used instead. Note that it's also possible to use a proxy like Fiddler as a gateway/bridge to an upstream SOCKSv4a server. See this StackOverflow entry for details.

-Eric

Comments

  • Anonymous
    October 08, 2010
    The comment has been removed

  • Anonymous
    October 09, 2010
    The comment has been removed

  • Anonymous
    October 09, 2010
    How will this affect other programs that use the SOCKs proxy functionality of WinInet? Will they be broken after the user installs IE9?

  • Anonymous
    October 25, 2010
    The comment has been removed

  • Anonymous
    November 24, 2010
    Simply ignoring the setting in IE because it only supports SOCKS4 is just silly. Microsoft really should look at improving this to at least 4a (this is a very small change in the protocol) but if this can't be done why remove a feature that was there just because it only supports an older protocol? This is a bug in my opinion especially considering the SOCKS opton is still available in the Internet Settings tab. This feature is used by thousands of people worldwide that I know about (I run an IP changing service) and we have to tell them that they cannot use IE9 because this feature simply does not work.

  • Anonymous
    November 25, 2010
    The comment has been removed

  • Anonymous
    December 20, 2010
    My only use case for IE is to run OWA. I run OWA through a socks proxy to connect to work. So, yes, this is critical functionality for at least one user.

  • Anonymous
    January 28, 2011
    For working at home I do need IE over Socks. Only way to test IE websites from our development server (connect to webserver over SSH). Otherwise IE can only be tested at the physical office (or over VPN, which we don't have (only SSH)).

  • Anonymous
    December 08, 2012
    The comment has been removed