April 16, 2021

Automatic proxy setup using HTTP

I work for a fairly large organization (not in IT myself) that’s been having issues seemingly related to proxy configuration, so just out of curiosity I opened the proxy settings (Windows 10) and discovered that the script address for automatic proxy setup uses HTTP instead of HTTPS. I doubt it’s what’s causing the current problems, but does this indicate a potential security issue, or is this normal?



Just means that the proxy config is pulled down unencrypted. Minimal risk given an assist already has to be on your internal network before making that request. Also, that not a target for any bad actor getting on your network. They’ve most likely compromised an existing host with proxy setup. And even if it was HTTPS, that just means the script would be delivered over an encrypted protocol and it would be harder to intercept. There’s normally zero authentication required to request the proxy config from the server, so who cares if it’s encrypted or not.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.