Need a Forward Proxy?

ApplicGate can act as a web proxy server to act as an intermediary for requests from clients seeking resources from servers that provide those resources. It thus functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server.

  • Control http traffic
  • Source level routing
  • Log http and (break) http traffic
  • IPv4 <-> IPv6 conversion

Use Cases/TechInfo

Control http Traffic

Define allowed destinations by (time dependent) filter groups to restrict access

  • To restrict access define filter groups with DNS names, IP addresses and TCP port (optional).
  • Wildcards can be used. Multiple groups are allowed.
  • Filter groups can be enabled and disabled by timers.
  • Complex timer schemas with date, time and weekdays can be specified
Forward Proxy

Source Level Routing

By using multiple instances of ApplicGate a complex routing infrastructure can be built.

E.g. a process within a secure network needs access to a specific destination in the Internet via another private network.

  • Multiple ApplicGate instances with proxy functionality can be cascaded. Now the first ApplicGate can send multiple CONNECT commands to route through the network.
  • This can be combined with TLS encryption and authentication by client certificates.
  • This schema is protocol independent and any protocol based on TCP can be used
Cascaded Proxies

Log http and (break) https Traffic

Intercept http and encrypted https data stream and log it in clear text. This is very useful for development, debugging and support of web services.

  • Full data logging can be enabled and the logged data can be seen via the web interface of ApplicGate.
  • To log https traffic in clear text the TLS data stream must be decrypted (man-in-the-middle).
  • The necessary web server certificates are generated on the fly.
  • Prerequisite is a signing certificate (“CA certificate”) that will sign all generated certificates.
  • This signing certificate can be generated by e.g. a PowerShell command easily.
  • The clients accessing the ApplicGate proxy must trust this signing certificate. Otherwise the web browser will issue an error or warning message.

Specific targets can be excluded from decryption. Exclusion is necessary if the target web server requests a certificate from the client.

Forward Proxy

IPv4 <-> IPv6 Conversion

The ApplicGate proxy interconnects IPv4 and IPv6 networks.

IPv4 clients can reach IPv6 web sites and vice versa.

  • Any ApplicGate routing entry can have up to two different IP addresses used as source address for outgoing connections.
  • If two addresses are configured one address must be an IPv4 address and the other must be an IPv6 address.
  • Dependent on the type (address family) of the target address the matching source address will be chosen.
Forward Proxy

FAQ + Techblog

Q: Is ApplicGate available for Linux also?

A: Yes, it is. Send an email to and we will be glad to send you a version built for Linux.

Looking for a Reverse Proxy?

How to tunnel UDP traffic over TCP

If you would like to secure UDP traffic via unsecure networks or network segments you can add authentication and encryption easily.

Subscribe to ApplicGate News

Interested in new use cases and ApplicGate applications? Subscribe to our newsletter and never miss a new topic!

Quick Contact Form