IT configuration
Proxy parameters for organizations
⚠️ The following is intended for IT departments ⚠️
If your organization requires a proxy to allow Dilato to connect to the internet, follow these instructions. You may want to install Dilato using GPO before setting up the proxy.
If you are updating from 1.43.0, see the section "For admins updating from Dilato 1.43.0".
Table of contents
- Setting Proxy Parameters
- Whitelisting Dilato servers
- Using MITM-style proxy
- Authenticating with the proxy server
- Testing connections with proxy
- For admins updating from Dilato 1.43.0
Setting Proxy Parameters
Starting with Dilato 1.44.0, the app automatically uses operating system proxy settings and no additional setup is required. Note that the proxy server must support HTTPS traffic.
Use operating system settings (default)
Refer to official guides for setting OS-level proxy:
- for Windows: https://support.microsoft.com/en-us/windows/use-a-proxy-server-in-windows-03096c53-0554-4ffe-b6ab-8b1deee8dae1,
- for macOS: https://support.apple.com/guide/mac-help/change-proxy-settings-on-mac-mchlp2591/mac.
You can also set the DILATO_PROXY environment variable value to system to force its use of the OS proxy settings (default behavior).
Use direct connections
If you want to force the app to use the direct connection (bypassing the OS proxy), set the DILATO_PROXY environment variable value to direct. Restart the app for changes to take effect.
Use different proxy server than the OS
If you want to force the app to use a different proxy server than the one specified by the system settings, set the DILATO_PROXY environment variable value to https=<host>:<port>.
Example:
DILATO_PROXY="https=127.0.0.1:8080"
DILATO_PROXY="https=socks4://127.0.0.1:8080"
DILATO_PROXY="https=socks5://127.0.0.1:8080"
Restart the app for changes to take effect.
You can verify in the app settings that the configuration took effect.
Whitelisting Dilato servers
If your proxy blocks all servers by default, make sure you allow Dilato domains:
ALLOW *.dilato.app
Authenticating with the proxy server
If your proxy server requires authentication, NTLM authentication is supported.
The server host must be allowed by the Windows Zones Security Manager (queried for URLACTION_CREDENTIALS_USE). By default, this includes servers in the Local Machine or Local Intranet security zones. This behavior matches Internet Explorer, Microsoft Edge, and other Windows components.
Using MITM-style proxy
As of today, Dilato supports MITM-style proxy. However, in the future, we are planning to stop supporting this kind of proxy and use certificate pinning with our servers. This means only pass-through proxies will be allowed in the future. If this affects your organization, please contact us at info@dilato.app.
To use a MITM-style proxy, you must install a CA certificate in the OS trust store for HTTPS traffic to work with your proxy server.
Disabling certificate verification
In Dilato 1.44.0, you can disable certificate validation by setting the environment variable:
DILATO_DEPRECATED_UNSAFE_DISABLE_CERTIFICATE_VALIDATION=1
Restart the app for changes to take effect.
⚠️ This option will be supported only in Dilato 1.44.0. This is to give admins enough time to update the OS trust store with correct certificates. However, starting with 1.46.0, this environment variable will have no effect — requests made to proxy servers that don't support HTTPS or don't use a trusted certificate will be rejected.
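The following added example (not part of Dilato or its documentation) audits a machine's environment against the settings described above: it classifies the DILATO_PROXY value into the documented modes and flags the certificate-validation override. The function name audit_dilato_env, the host syntax accepted for manual mode, and exact matching of the documented values are assumptions of this example.

```python
import os
import re

UNSAFE_VAR = "DILATO_DEPRECATED_UNSAFE_DISABLE_CERTIFICATE_VALIDATION"
# Manual form from this page: https=<host>:<port>, optionally socks4:// or socks5://.
# Assumption: host is a DNS name or IPv4 address; values are matched exactly as documented.
MANUAL_RE = re.compile(r"https=(?:(socks4|socks5)://)?([A-Za-z0-9.-]+):(\d{1,5})")


def audit_dilato_env(env):
    """Return (mode, findings) for a mapping of environment variables (hypothetical helper)."""
    findings = []
    raw = env.get("DILATO_PROXY")
    if raw is None or raw == "system":
        mode = "system"  # default behavior: OS proxy settings
    elif raw == "direct":
        mode = "direct"
        findings.append("DILATO_PROXY=direct bypasses the OS proxy")
    else:
        match = MANUAL_RE.fullmatch(raw)
        if match and 1 <= int(match.group(3)) <= 65535:
            mode = "manual"
            findings.append("DILATO_PROXY overrides the OS proxy with "
                            f"{match.group(2)}:{match.group(3)}")
        else:
            # Catches typos, out-of-range ports and quotes stored as part of the value.
            mode = "invalid"
            findings.append(f"DILATO_PROXY={raw!r} is not system, direct or https=<host>:<port>")
    # Flag the variable whenever it is set: the page only documents the value 1,
    # so any other non-empty value is treated as suspicious too (assumption).
    if env.get(UNSAFE_VAR):
        findings.append(f"{UNSAFE_VAR} is set: certificate validation may be disabled; "
                        "install the proxy CA in the OS trust store and unset it")
    return mode, findings


if __name__ == "__main__":
    mode, findings = audit_dilato_env(os.environ)
    print("mode:", mode)
    for finding in findings:
        print(" -", finding)
```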
Testing connections with proxy
Go to the app settings, scroll to the Proxy section and click Test proxy configuration. If you see "Configuration is correct", the app successfully connected to Dilato servers over HTTPS.
Troubleshooting
- Verify in app settings that the correct mode is selected (direct, system, or manual).
- Make sure the host and port are input correctly:
  - If you are using system settings, in the operating system settings.
  - If you are using manual settings, in the Dilato app settings.
- Ensure that no firewall or antivirus is preventing Dilato from connecting to its web servers.
- Verify Dilato servers are allowed.
- (If using MITM-style proxy) Verify the correct CA certificate is installed in the OS trust store.
For admins updating from Dilato 1.43.0
In versions 1.43.0 and earlier, Dilato proxy could be configured using app settings or the InfoProxy.txt file.
If you previously configured the app's proxy using one of these methods, we recommend switching to using the operating system proxy settings.
Basic auth is no longer supported. Refer to the authentication section for more details.
The file ...\Users\%username%\AppData\Roaming\Dilato\InfoProxy.txt is no longer used in version 1.44.0 and can be safely removed.