Distil as a Layer 2 Bridge (Transparent Proxy)

The Distil Appliance is unique in that it can be deployed in two ways. They are:

  • Layer 2 bridge, a.k.a., transparent proxy

  • Layer 7 reverse proxy

NOTE: Distil can also deploy as a Layer 7 reverse proxy with the customer-provided appliances/instances, Distil Cloud instances, and Private Distil Cloud instances.

The transparent proxy deployment option is built on top of a layer 2 bridge. Web traffic on the bridge is intercepted and proxied transparently on layer 7. For the surrounding network it functions as a normal bridge, but still permits the layer 7 inspection needed for automation detection and mitigation. The transparent proxy inspects all traffic flowing from the load balancer to the origin server, analyzing each request. It then either forwards the request to the origin server or instructs the load balancer to respond to the client with a block, drop, or captcha page (if Distil deems the request to be malicious). This lessens your load balancer load, cutting the traffic amount passing through it in half.

Our transparent proxy option drastically reduces the implementation time for our existing private, on-premise deployments from a matter of days to a few hours. It also requires the least amount of your configuration time and effort since you don’t have to change any of your existing load balancer rules and/or IP configurations. Instead, all you need to do is request the transparent proxy deployment and plug in our preconfigured appliance to bridge traffic between your load balancer and origin server.


1.  The client makes a request and it is received at the load balancer

2.  The load balancer proxies the request to the origin, via the Distil appliance operating in layer 2 bridge mode on egress of the load balancer

3a. Distil inspects the request, no threat response and no identification test is required, and the request is transparently proxied to the the origin

3b. Distil inspects the request, a threat response is required, and Distil returns a threat response page to the load balancer, and the load balancer returns that threat response to the client, and the client processes the CAPTCHA, Block, or Drop

3c. Distil inspect the request, an identification test is required, and Distil returns an identification test page to the load balancer, and the load balancer returns that identification response to the client, and the client completes the identification test, then returns to step 1

4.  The origin responds to the request, returning the content requested and sending it back to the Distil Appliance

5.  The Distil appliance returns the content to the load balancer, injecting the Distil Fingerprint Test and Distil Honeypot Link in responses which are text/html

6.  The load balancer returns the content to the browser

How do I request Distil’s transparent proxy?

The transparent proxy deployment is only available as an on-premise option using the Distil appliance. To request it, simply get in touch with Distil. We will help plan and coordinate the best deployment for you, then configure your Distil appliance before shipping it to you.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request