Forward client traffic through a parent proxy

Use SafeSquid as a child proxy in front of a corporate (parent) proxy. A simple configuration in SafeSquid forwards all client requests to the parent proxy. SafeSquid can still perform HTTPS inspection and policy enforcement before forwarding; the parent handles upstream connectivity and any corporate policy.

Traffic flows from the client through the child SafeSquid to the parent proxy, then to the internet:

Example scenarios:

Proxy chain scenario: client, child proxy, and parent proxy network layout

Here am using two proxy servers as SafeSquid only

My client (Browser)## 's network IP - 192.168.0.27

My Child Proxy## 's network IP - 192.168.27.50 (with no direct internet Access)

My Parent Proxy## 's network IP - 192.168.27.100

Configuration on child proxy:

Deploy SafeSquid proxy
Enabling SSL inspection in SafeSquid
Downloading ROOT CA certificate from SafeSquid
Deploy certificate in client browsers.
Enable forwarding to parent proxy using forwarding section

Configuration on Parent proxy:

Deploy SafeSquid, it is up and running, no extra configuration required in parent proxy

Prerequisites

Enable HTTPS inspection on child proxy (optionally on parent proxy also). Check our document to configure HTTPS inspection on SafeSquid - How to configure HTTPS inspection

Import SafeSquid child proxy ROOT CA in client browser

Note: No configuration required on Parent Proxy server. Just deploy the parent proxy and make sure that it is up and running.

Configure proxy chain in SafeSquid

Access the SafeSquid Configuration Portal.

Open Configure page

Configure page in SafeSquid interface

Open Application Setup → Proxy chain

Application Setup section in sidebar

Proxy chain section in Application Setup

Enable Global section

Enable Global section for proxy chain

Global proxy chain toggle and options

Saving Global proxy chain configuration

Open Forwarding proxies and add an entry

Forwarding proxies section Add new forwarding proxy entry

Forwarding proxy form with comment field

Entering parent proxy host or IP

Forwarding proxy entry with IP 192.168.27.100

In the example: my upstream proxy ip: 192.168.27.100

Entering parent proxy port

Forwarding proxy port 8080 configured

In example: my upstream proxy listening on port 8080

Submit forwarding proxy entry

Forwarding proxy list with new entry

Save configuration button

Save conf confirmation

Configuration saved successfully

Test proxy chain connectivity

Testing proxy chain connectivity

Proxy chain test result or log

Verifying traffic through parent proxy

Save configuration

Save configuration to apply proxy chain settings

When the administrator clicks Save config, a prompt asks for confirmation to store the configuration in the cloud.

Select Yes only in below cases:

to reuse this configuration in other SafeSquid instances.

if the total configuration in all sections is completed and validated.

Otherwise select No and click on submit.

Verification and Evidence

Interface Checks: In Configuration Portal, open Application Setup → Proxy chain. Confirm Global is enabled and the forwarding proxy entry shows the correct parent IP and port.
Log Analysis: Check SafeSquid access logs for requests showing the parent proxy as upstream; connection failures to the parent appear in logs with connect errors.
Performance Validation: From a client behind the child proxy, browse an external site; traffic should succeed and appear in both child and parent proxy logs.

Next steps

Forward Proxy for explicit proxy without chaining.
SSL Inspection for HTTPS inspection on the child proxy.
Troubleshooting if connectivity or parent proxy errors occur.

Prerequisites​

Configure proxy chain in SafeSquid​

Open Configure page​

Open Application Setup → Proxy chain​

Enable Global section​

Open Forwarding proxies and add an entry​

Test proxy chain connectivity​

Save configuration​

Verification and Evidence​

Next steps​