[Feature request] Chrome Proxy should have exclusive filter to bypass a State firewall, download updates and sync user profiles
Reported by
andrey.v...@gmail.com,
Nov 26 2016
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 8872.54.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.54 Safari/537.36 Platform: Firmware Google_Monroe.4921.17.0 Example URL: https://www.linkedin.com Steps to reproduce the problem: 1. Open Google Chrome in Russia 2. Try to open https://www.linkedin.com (Site have blocked by State Firewall) 3. Try to setup Chrome Proxy to access ONLY linkedin.com domain by proxy What is the expected behavior? Chrome Proxy settings should allow to implement scenario when almost sites are accessing directly but only few blocked sites accessed through proxy. What went wrong? You can not setup Chrome Proxy for only one domain (or a few list of domains). Did this work before? No Chrome version: 55.0.2883.54 Channel: beta OS Version: 8872.54.0 Flash Version: Shockwave Flash 23.0 r0 Chrome Proxy API exists for years and its main conceptions is outdated for now. In current version Chrome Proxy API allows user to create "Bypass List" which is used to exclude listed domains from proxy. It works fine for business scenario when user located in a corporate network and he want be able direct access to internal servers. However, The World has changed dramatically for last years. For now the most common scenario in China, Russia and other countries with strong sensorship is when user located in public network and he want be able direct access to all sites but use proxy for hundreds of sites ("Proxy List") which were banned by a state firewall. Available free Internet proxies are absolutely unreliable by performance and availability for everyday use that is why proxies should be used only for bypass state firewall and direct access should be used for all other sites which are not blocked yet. Setting up "Bypass List" in Google Chrome to emulate the second scenario is a nightmare. See attachments below to look at my proxy settings for Google Chrome which make proxied access for only 3 domains (one in each of com, org and co.uk zone). Chrome Extesions for proxy are not a panacea because at least some of them are sponsored by state agencies and user have no possibilities to check their behavior while extensions can steal user's information from all open tabs and send it to "proxy" server. For now users in China and Russia actively throw out their Google Chrome in favour of Opera or Tor browsers which have built-in tools to bypass states firewalls. However users of Chrome OS devices can not change their browsers without change the whole platform. This trend may wipe out the whole Chrome ecosystem. To save Google Chrome in a half of the World I suggest to implement into Chrome Proxy an "Exclusive mode" with high priority the following way: 1) Chrome Proxy API (and UI in Chrome Settings) should be able to allow user choose between "Bupass mode" (default) and "Direct mode". Proxy behavior in "Bypass mode" is the same as now (for compatibility). Proxy behavior in "Direct mode" is using a "Proxy List" instead of "Bypass List". The purposes of "Proxy List" are the following: 1) If a resource's domain is listed in "Proxy List" then browser should access the resource through proxy. Otherwise browser should get resource directly. 2) "Proxy List" should be included in Chrome Proxy API 3) All proxy settings from G Suite domain policy should be applied for a computer as default but user may overwrite them in his own personal (no domain) profile while at home. 4) Each "Proxy List" record should contains the following attributes: a) <Domain Name> (like "google.com") - it should be interpreted by proxy as domain and all its subdomains (google.com + *.google.com) b) <Proxy Name> which has format <Proxy Type>:<Proxy IP address>:<Proxy Port> <Proxy Type> (like HTTP, HTTPS, SOCKS) - it should be interpreted by proxy as protocol (may be checked in UI in advance and blocked if failed to support) <Proxy IP address> - proxy IP address <Proxy Port> - proxy port 5) [Optional] Google Chrome may have its own hidden proxy to access only google.com for at least initial setup, login, update and profile sync purposes. In other way the first record of Proxy List may be read-only and always store "google.com" domain only. Individual proxy settings for each "Proxy List" record are very important because some sites (for example linkedin.com which have blocked in Russia) may sponsored their proxies which can support access for their site only. If <Proxy Name> was ommited for particular <Domain Name> then proxy should use default settings for this <Domain Name>.
,
Nov 29 2016
PAC files are tools are useful for network admins only. PAC files implementation mechanics required: 1) Knowledge of JavaScript 2) Additional host server which can deliver a proxy.pac file for Chrome OS device or additional local proxy server which deliver a wpad.dat file via Web Proxy Autodiscovery protocol. How many ordinary users (non IT professionals) have this infrastructure at home and can modify JavaScript file? This why PAC files can not be used in practice to solve the main problem - allow ordinary users to bypass State Firewall with Chrome browser. For ordinary users (especially on Chrome OS) proxy settings UI should be extended to include simple switch "Bypass mode"/"Direct mode" and additional list which allow everyone without any knowledge of JavaScript, PAC file standard etc add domain/proxy exclusion pairs into the "Proxy list" manually. I think that it will be nice to extend Chrome Proxy API too accordingly. However at the first phase of implementation you may choose to extend Proxy Settings UI in Chrome internally powered by PAC file standard.
,
Nov 29 2016
PAC files can be specified by the command line, using a file URL, so a server is not needed. There are tools to write them, and the level of JS knowledge needed isn't much more than the level of knowledge needed to provide a list of URLs to the command line.
,
Nov 29 2016
Chrome browser should work on all major platforms which are include Chrome OS. More over, Google Chrome is not for Web Developers only but for ordinary people without any IT skills at all. Nobody can require people to be proficient in "simple" JavaScript editing as well as know about any special tools for editing some parts of browser settings and especially be proficient in Crouton (Chrome OS Dev Mode) and Linux file system to be able placing proxy.pac file on Chrome OS localy and lauch Chrome with modified keys in command line. Also you should not require from your grandmother to setup WPA on her local proxy server to use Google Chrome definitely. Chrome browser for all people that is why solution should be for everyone. The following technologies are not allowed for public adoption: 1) JavaScript proficiency requirement 2) Knowledge additional tools to Chrome 3) OS administration skills To gain mass adoption the solution should be very simple to setup for people without any administrative skills and the solution should not require ANY additional tools.
,
Nov 29 2016
Thanks for the feature request! I agree that there are many complicated setups for proxy, and the UI for proxy settings (or lack thereof in Chrome) is subpar. As things stand right now, Chrome is deferring the UI presentation to extensions. And on the implementation side the configuration is described using PAC scripts (which may be hand-crafted by network admins, or generated by extensions). I think that is the best place for this feature to continue living for now. (it is hard to reduce proxy settings to a declarative form that satisfies all use cases; your proposal will be helpful for some users, but not a general declarative substitute for all the use cases people currently have either). Cheers.
,
Dec 2 2016
|
|||
►
Sign in to add a comment |
|||
Comment 1 by mmenke@chromium.org
, Nov 28 2016