Using the Signiant App With Proxy Servers

The Signiant App works in environments where users have restricted access to a network and require a proxy server to move content.

The Signiant App determines the network environment when the application launches and when a transfer starts. If your network environment changes during a transfer, the Signiant App detects modified settings, including those for any proxy, and resumes the transfer.

When the Signiant App communicates with the target server in a firewalled environment, it sends control commands through the proxy server, but is allowed to bypass the proxy server when transferring file data.

The Signiant App uses UDP to conduct transfer protocols as most firewalls block TCP and HTTP connections. Bypassing the proxy using UDP also allows the Signiant App to take advantage of the transfer acceleration capabilities.

If the recommended TCP and UDP ports are not available, the Signiant App will still be able to perform an unaccelerated transfer using HTTP through the proxy server.

Configuring the Signiant App for Proxy Servers

The Signiant App can configure a proxy on a user’s computer in three ways:

  • Auto-detect proxy - uses a PAC file to point to the proxy server URL
  • Auto-config - configures automatically using a script or other automation
  • Manual - set directly by the user

The configuration methods are named differently in Windows and macOS:

Configuration MethodWindowsmacOS
Auto-detect ProxyAutomatically Detect SettingsAuto Proxy Discovery
Auto-config ProxyAutomatic configuration scriptAutomatic Proxy Configuration
ManualProxy server settingSecure Web Proxy

Your network administrator can assist with the configuration of your computer’s proxy settings.

WebSocket Communications and Using Proxies

You can use local communication to establish a secure connection between the browser and the Signiant App via the wss://transfer.software URL, which resolves to the user’s local machine.

WebSocket communication uses internal calls and does not need to call outside a firewall. The WebSocket implementation is fully backwards compatible. If an issue prevents a successful WebSocket connection, a fall-back connection is established via a third-party messaging service.

If firewalls and proxy servers do not allow WebSocket calls, and your network blocks both TCP and UDP traffic, WebSocket protocol communications are not affected.

If a firewall blocks all protocols, configure it to allow transfers from WebSocket protocol URLs to wss://transfer.software.

Note: Microsoft Internet Explorer 11 or earlier does not support WebSocket communication when used behind a firewall. All communication to and from the machine routes to the backup third-party messaging service.

Allowing WSS Commands With A PAC File

For networks configured using a proxy PAC file via DHCP Auto-Detect Proxy or Auto-Config Proxy, the PAC must set proxy handling for WebSocket communications (messages sent via wss) as DIRECT.

In a firewalled environment, messages sent directly via wss work since the WebSocket messages are between an end user’s browser and the Signiant App, meaning that messages do not need to pass outside the network firewall.

One method to bypass the proxy server for these messages is to use the PAC’s FindProxyForURL() function to return direct for messages via wss.

Example PAC file:

function FindProxyForURL(url, host) {

// send DIRECT if the URL protocol matches ws or wss AND
// target is 127.0.0.1 (i.e. localhost or transfer.software)

    if (
        (
            dnsDomainIs(host, "transfer.software") ||
            isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")
        ) && (
            url.substring(0, 3)=="ws:" ||
            url.substring(0, 4)=="wss:"
        )
) return "DIRECT";

// If the protocol or URL matches http or https, send via proxy

if (
url.substring(0, 5)=="http:") ||
(url.substring(0, 6)=="https:"
) return "PROXY your-server:8081";

    // All other conditions also go to proxy server
    return "PROXY your-server.example.com:8080";
}

Note: Microsoft Internet Explorer and Edge must use a customized PAC file for WebSocket communication.

Allowing WSS Commands on Windows 10

Configuration on Windows 10 can also be done by setting up the proxy server, along with specific bypass instructions, in your Internet Settings.

  1. Navigate to Windows Settings > Network & Internet settings.
  2. Click Proxy to open the Proxy menu.
  3. In the Manual Proxy Setup area, enable Use a proxy server.
  4. Enter your proxy server Address and Port.
  5. Add an entry under Exceptions for transfer.software.
  6. Enable Don’t use the proxy server for local (intranet) addresses and click Save.

Note: You can configure these settings in Windows 7 and 8.1 by navigating to Internet Properties > Internet Options.

Allowing WSS Commands Using Server Rules

It may be possible to configure rules within the proxy server itself, rather than relying on PAC files or individual user settings. The rules on the proxy server must allow wss commands to pass directly without alteration. A system administrator must set up the configuration for your proxy server.

SSL Intercept Proxy

The Signiant App supports a proxy server that operates in an SSL Intercept configuration. An end user working in this environment will have a certificate for the proxy.

Note: Mozilla Firefox uses a separated certificate mechanism for its SSL certificate rules. To use an SSL intercept proxy with Firefox, you must add the certificate to Firefox directly to ensure optimal behavior.