Small intro to proxy servers
Proxy means the authority to represent someone else and act on their behalf. A proxy server is a computer or router that functions as a relay between client and server. It is the middleman that traffic is bounced off. In this article we will get familiar with proxies.
Forward proxy
When we refer to a proxy, we usually mean a forward proxy. It is the server that sits in front of a group of client machines. Whenever a client wants to make a request to any service on the internet, the request is sent to the proxy server, which makes the call to the web servers on the internet.
The figure above shows how traffic flows in the case of a forward proxy.
A is the client's machine, B is the forward proxy, and C is the web server where the website data is stored.
Why would we use a forward proxy?
There are a couple of benefits of using one.
- Access to blocked resources
Some governments, schools and other organizations use firewalls to give their users access to a limited version of the internet. A forward proxy can be used to bypass these restrictions, as traffic flows through the proxy and not directly.
- Control Internet usage
Proxies can be used to monitor and filter the internet usage of connecting clients. Companies and school networks often have a proxy configured, with which social media sites like Facebook or some malicious websites are blocked.
- Privacy benefit
Sometimes users want increased anonymity online, for example in regions where governments impose serious consequences on political dissidents. Criticizing the government can lead to fines or imprisonment for users. If the user makes politically sensitive comments on social media websites, using a proxy makes it harder to trace the user's IP address, since the only IP address visible is that of the proxy server.
- Bandwidth saving and improved speed
A proxy can cache frequently accessed pages, which saves bandwidth and improves speed.
- Improved security
A proxy can act like a firewall between your systems and the internet. Without one, hackers have easy access to your IP address, which they can use to infiltrate your computer or network.
The following are some forward proxy software packages:
Application in anonymity proxy servers like VPN (server-side software)
- php proxy
- cgi proxy
- glype
- squid
Reverse proxy
A reverse proxy is an internal-facing proxy used as a front end to control and protect servers on a private network.
Fig above shows how traffic flows in case of reverse proxy.
D is the client's machine trying to access the website,
E is the reverse proxy, which receives the request,
and F is the web server where the website data is stored.
In the case of a reverse proxy, client requests that go through the proxy normally originate over TCP/IP connections, while in the case of forward proxies, client requests normally come from the internal network behind them.
With a forward proxy, the client has to configure the proxy and then provide the URL they want to access, while with a reverse proxy the client only has to provide the URL they want to access. They have no idea about the servers sitting behind it.
What are the benefits of a reverse proxy?
- Load balancing
A reverse proxy can act as a load balancer for the servers behind it. Load balancers play a crucial role in providing high availability to network services that receive large volumes of requests. When a reverse proxy load balances, it distributes incoming requests to a cluster of servers, all providing the same kind of service.
- Protection from attacks
With a reverse proxy, the IP addresses of the origin servers are not revealed. This makes it harder for attackers to launch a targeted attack against them, such as a DDoS attack.
- Global server load balancing
A website can be distributed across several servers around the globe, and the reverse proxy can send each client to the server geographically closest to them. This decreases the distance that requests and responses need to travel, minimizing load time.
- Caching
A reverse proxy can cache content, resulting in faster performance.
- SSL encryption
A reverse proxy, acting as the middleman, can encrypt and decrypt SSL (or TLS) communications. This centralizes and simplifies SSL configuration, and frees up valuable resources on the origin server.
Some reverse proxy software
- Apache mod proxy
- Nginx
- HAProxy
- Varnish cache
Proxies are often confused with gateways and VPNs.
Gateway
A gateway is typically a device through which calls to destinations outside the internal subnet pass.
Functionally, a proxy server that does not do any filtering is like a gateway, simply passing on requests from the computer to the Internet. A proxy server, however, is a more powerful networking component that can act as a gateway while protecting the network from outside threats. A gateway always risks exposing an internal network to the Internet because it does no filtering. It merely routes information from within the network to the outside.
VPN
VPN stands for virtual private network. The idea behind a VPN is to combine computers and subnetworks that exist out on the internet into a virtually single, internal network. Nowadays most people describe a VPN as a proxy with encryption.
Based on Anonymity Levels
- Anonymous proxy
This server reveals its identity as a proxy server but does not disclose the originating IP address of the client. Although the server can be discovered easily, its user's identity is hidden.
- Transparent proxy
This server not only identifies itself as a proxy server, but with the support of HTTP headers such as X-Forwarded-For, the originating IP address can be retrieved as well. Its main benefit is the ability to cache a website for faster retrieval.
- Distorting proxy
A distorting proxy server passes along a false IP address for you while identifying itself as a proxy. This serves similar purposes as the anonymous proxy, but by passing a false IP address, you can appear to be from a different location to get around content restrictions.
- High Anonymity proxy or Elite proxies
High Anonymity proxy servers periodically change the IP address they present to the web server, making it very difficult to keep track of what traffic belongs to whom. High anonymity proxies, like the Tor network, are the most private and secure way to read the internet.
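The four levels above can be checked from the origin server's side by looking at what a proxied request discloses. The following is an added example, not code from the original article: the `Via` header check, the function names and the sample requests are assumptions of this example, and a request with no proxy headers at all is treated here as the high-anonymity case.

```python
import ipaddress

# Headers that mark a request as proxied. Checking exactly these two is an
# assumption of this example; the article itself only names X-Forwarded-For.
PROXY_HEADERS = ("via", "x-forwarded-for")


def forwarded_ips(headers):
    """Return the valid IP addresses listed in X-Forwarded-For, in order."""
    ips = []
    for part in headers.get("x-forwarded-for", "").split(","):
        try:
            ips.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            continue  # empty or malformed entry such as "unknown"
    return ips


def classify(headers, true_client_ip):
    """Classify a proxied request as the origin server sees it.

    true_client_ip is the tester's real address, known only because the
    tester controls both the client and the origin server.
    """
    h = {name.lower(): value for name, value in headers.items()}
    if not any(name in h for name in PROXY_HEADERS):
        # Assumption: no proxy headers at all is treated as high anonymity.
        return "high-anonymity"
    ips = forwarded_ips(h)
    if ipaddress.ip_address(true_client_ip) in ips:
        return "transparent"   # real client address is disclosed
    if ips:
        return "distorting"    # an address is sent, but not the real one
    return "anonymous"         # proxy announces itself, no client address


# Constructed sample requests (documentation address ranges, not real hosts).
SAMPLES = {
    "a": {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.7"},
    "b": {"Via": "1.1 proxy.example"},
    "c": {"Via": "1.1 proxy.example", "X-Forwarded-For": "198.51.100.9"},
    "d": {"User-Agent": "curl/8.0"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, classify(hdrs, "203.0.113.7"))
```

Running this against a proxy you operate shows whether it leaks the client address you expect it to hide.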
Tunneling proxy
Tunneling is the technique of using one protocol to transport data inside another protocol.
A tunnel is like a tube with a point at each end. The client program or server communicating through it is not aware of this connection. The tunnel is removed when either endpoint decides to drop it.
A tunneling proxy forwards a request to the server while tunneling it. One example is the SOCKS proxy. An SSH client creates a SOCKS proxy: it takes local traffic sent to a specific port on your PC and sends it over the SSH connection to a remote location.
Protocol based proxy
SOCKS proxy
SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. SOCKS is designed to route any type of traffic generated by any protocol or program.
A SOCKS proxy server creates a Transmission Control Protocol (TCP) connection to another server behind the firewall on the client’s behalf, then exchanges network packets between the client and the actual server. The SOCKS proxy server doesn’t interpret the network traffic between client and server in any way; it is often used because clients are behind a firewall and are not permitted to establish TCP connections to outside servers unless they do it through the SOCKS proxy server. Therefore, a SOCKS proxy relays a user’s TCP and User Datagram Protocol (UDP) sessions across the firewall.
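The request a SOCKS proxy acts on carries only a command, a destination address and a port, which is why the proxy can relay any protocol without interpreting it. The parser below is an added example, not code from the original article; it assumes SOCKS version 5 as defined in RFC 1928, and the function name and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

# Command codes from RFC 1928, section 4.
COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}


def parse_socks5_request(data: bytes):
    """Parse a SOCKS5 request into (command, host, port).

    Layout: VER, CMD, RSV, ATYP, DST.ADDR (variable), DST.PORT (2 bytes).
    """
    if len(data) < 4:
        raise ValueError("truncated request header")
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 5:
        raise ValueError(f"not SOCKS5: version {ver}")
    if cmd not in COMMANDS:
        raise ValueError(f"unknown command {cmd}")
    body = data[4:]
    if atyp == 1:        # IPv4 address, 4 bytes
        alen = 4
    elif atyp == 4:      # IPv6 address, 16 bytes
        alen = 16
    elif atyp == 3:      # domain name, prefixed by one length byte
        if not body:
            raise ValueError("missing domain length")
        alen, body = body[0], body[1:]
    else:
        raise ValueError(f"unknown address type {atyp}")
    if len(body) != alen + 2:
        raise ValueError("address or port length mismatch")
    addr = body[:alen]
    host = addr.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(addr))
    (port,) = struct.unpack("!H", body[alen:])  # network byte order
    return COMMANDS[cmd], host, port


# Constructed sample: CONNECT to example.com on port 443 by domain name.
SAMPLE_DOMAIN = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443)
# Constructed sample: CONNECT to 192.0.2.10 on port 80 by IPv4 address.
SAMPLE_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 80)

if __name__ == "__main__":
    print(parse_socks5_request(SAMPLE_DOMAIN))
    print(parse_socks5_request(SAMPLE_IPV4))
```

The destination host and port are all a SOCKS proxy has available for logging or allow-listing; everything after this request is opaque relayed bytes.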
HTTP proxy
An HTTP Proxy serves two intermediary roles as an HTTP Client and an HTTP Server for security, management, and caching functionality. The HTTP Proxy routes HTTP Client requests from a Web browser to the Internet, while supporting the caching of Internet data.
FTP proxy
The FTP proxy functions as a relay for the File Transfer Protocol, letting you control connections based upon source and destination addresses and user authentication. It can also limit access to certain file transfer commands, such as put and get, based on source or destination addresses and user authentication.
SSL proxy
An SSL proxy, also known as an SSL proxy server, is any proxy server that uses the Secure Sockets Layer (SSL) protocol. An SSL proxy performs encryption and decryption between the client and the server, without either of them being able to detect the proxy’s presence.
DNS proxy
A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. The DNS proxy simplifies network management. When the DNS server address is changed, you can change the configuration on only the DNS proxy instead of on each DNS client.
A DNS proxy improves domain lookup performance by caching previous lookups. A typical DNS proxy processes DNS queries by issuing a new DNS resolution query to each name server that it has detected until the host name is resolved.
Conclusion
This article introduced you to the basics of proxies. We learned the difference between a forward proxy and a reverse proxy, and looked at the different kinds of proxies and their benefits.