Proxy Configuration

Configure Vrex to work with corporate proxy servers

Vrex uses WinHTTP for network requests. If your organization uses a proxy server, you’ll need to configure the system proxy for Vrex to connect.

Understanding Proxy Types

Browser Proxy vs System Proxy

Browser proxy: Configured in Chrome/Edge settings
System proxy (WinHTTP): Configured at the OS level

Vrex uses WinHTTP, not browser settings. Configure the system proxy even if your browser works fine.

Proxy Auto-Discovery

Windows can auto-discover proxy settings via:

WPAD (Web Proxy Auto-Discovery)
PAC files (Proxy Auto-Config)
Manual configuration

Configuring WinHTTP Proxy

Method 1: Import from IE/Edge

Import your browser’s proxy settings to WinHTTP:

netsh winhttp import proxy source=ie

Method 2: Manual Configuration

Set the proxy directly:

netsh winhttp set proxy proxy-server="proxy.company.com:8080"

With bypass list (for internal domains):

netsh winhttp set proxy proxy-server="proxy.company.com:8080" bypass-list="*.internal.com;localhost"

Method 3: PAC File

If your organization uses a PAC file:

netsh winhttp set proxy proxy-server="http://pac.company.com/proxy.pac"

Verifying Configuration

Check Current Settings

netsh winhttp show proxy

Expected output:

Current WinHTTP proxy settings:

    Proxy Server(s) :  proxy.company.com:8080
    Bypass List     :  *.internal.com;localhost

Test Connectivity

Test that Vrex endpoints are reachable:

# Test core API
Invoke-WebRequest -Uri "https://api.vrex.no" -UseBasicParsing

# Test authentication
Invoke-WebRequest -Uri "https://auth.vrex.no" -UseBasicParsing

# Test CDN
Invoke-WebRequest -Uri "https://cdn.vrex.no" -UseBasicParsing

SSL Inspection

Many proxies perform SSL inspection (man-in-the-middle). This can cause issues with Vrex.

Symptoms

Certificate errors
“Cannot establish trust” messages
Connections fail after initial handshake

Solution

Install proxy root certificate in Windows certificate store
Or bypass SSL inspection for Vrex domains (recommended)

Bypass List for SSL Inspection

Add these domains to your proxy’s bypass/allow list:

*.vrex.no
*.auth0.com
*.amazonaws.com
*.cloudfront.net
*.innoactive.io

Certificate Revocation

Vrex checks certificate validity via CRL and OCSP. If these checks fail, connections are rejected.

Common Issues

Proxy blocks CRL/OCSP endpoints
Revocation check timeout
“Unable to check certificate revocation” error

Solution

Allow access to CA revocation endpoints:

*.digicert.com
*.sectigo.com
*.globalsign.com
ocsp.pki.goog

Troubleshooting Proxy Issues

“Cannot check access” Error

Verify WinHTTP proxy is set correctly
Test connectivity to api.vrex.no
Check SSL inspection bypass

Authentication Required

Some proxies require credentials. Vrex uses Windows credentials automatically via NTLM/Kerberos. If using basic auth:

Pre-authenticate in browser
Ensure credentials are cached
Or configure proxy-less access for Vrex domains

Slow Connections

SSL inspection adds latency. Bypass inspection for Vrex domains for better performance.

Resetting Configuration

To clear proxy settings:

netsh winhttp reset proxy

Diagnostic Script

Run this to test all endpoints:

$endpoints = @(
    "https://api.vrex.no",
    "https://auth.vrex.no",
    "https://cdn.vrex.no",
    "https://vrex-releases.s3.eu-north-1.amazonaws.com"
)

Write-Host "Testing Vrex endpoints through proxy..." -ForegroundColor Cyan
Write-Host "Current proxy settings:"
netsh winhttp show proxy

foreach ($url in $endpoints) {
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
        Write-Host "✓ $url - OK ($($response.StatusCode))" -ForegroundColor Green
    } catch {
        Write-Host "✗ $url - FAILED" -ForegroundColor Red
        Write-Host "  Error: $($_.Exception.Message)" -ForegroundColor Yellow
    }
}