Thursday, July 21, 2016

How do Proxy Servers work ?




If you are a frequent internet user, it is very much likely that you have used or heard of Proxy Servers. Some of us might also have heard the terms Forward Proxy Servers and Reverse Proxy Servers. But, what are they actually ? How do they work ? And, how are they different from each other ?

Let’s understand that in details.


What are Proxy Servers ?


A Proxy Server is a server that works as an intermediary between a client requesting for a connection or service and a server that provides the resources. All requests from the client as well as the responses from the server pass through the Proxy Server providing an administrative control over the contents being relayed and hiding the IP address of the host behind the Proxy Server at the same time.

We will understand this in details.


Types of Proxy Servers


Depending on how the Proxy server function, there are three main types of Proxy Server :

  • Forward Proxy Server
  • Reverse Proxy Server
  • Open Proxy Server



Forward Proxy Server





A Forward Proxy Server is a proxy server that provides proxy services to a group of clients that are mostly part of an internal network. When one of the clients in the internal network makes a connection request, the request passes through the Forward Proxy Server. The Forward Proxy Server looks at the request and decides on whether the connection should proceed. And, based on that a connection is made to the requested server providing the resources. The requested server cannot see the IP address of the requesting client in the internal network. It will view the connection as coming from the Forward Proxy Server. The requested server will send a response to the Forward Proxy Server and the proxy server will then forward the response to the requesting client inside the internal network.


When is a Forward Proxy Server used ?


There are a number of reasons of using a Forward Proxy Server :

  • A Forward Proxy Server typically works with a firewall. So, it can control the traffic originating from a client in the internal network and ensure security of the internal network.
  • A Forward Proxy Server acts as a single point of access and control of the clients in the internal network. As it can provide administrative control over the contents being relayed, it is easier to enforce security policies using a Forward Proxy Server.
  • A Forward Proxy Server helps in hiding the IP addresses of the clients in the internal network providing security to the internal clients.



Reverse Proxy Server





When a group of servers provide resources to external clients, we can use another type of proxy server called Reverse Proxy Server to ensure security of the group of servers providing services. In case of a Reverse Proxy Server, when an external client makes a request to one of the servers in the internal network, the request passes through the Reverse Proxy Server. If the connection should be allowed, the internal server sends the response through the Reverse Proxy Server. The external client cannot see the IP address of the internal server. It would view the connection as coming from the Reverse Proxy Server. So, while a Forward Proxy Server hides the IP addresses of the internal clients requesting for services, a Reverse Proxy Server helps in hiding the IP addresses of the internal servers providing services.



When is a Reverse Proxy Server used ?


There are a number of reasons for using a Reverse Proxy Server :

  • As a Reverse Proxy Server hides the IP addresses of the internal servers, it creates much inconvenience for the attackers to make an attack to the internal servers for the purpose of stealing data or making even more attacks.
  • A Reverse Proxy Server also works along with a firewall. As it works as a single point of access and control to the internal servers, it can have administrative control over the contents being relayed and enforce security to the internal servers.
  • A Reverse Proxy Server can also act as a load balancer to the group of internal servers behind it. When a Reverse Proxy Server receives a large volume of incoming requests, it can perform load balancing and distribute the incoming traffic to the cluster of servers that provide same kind of service. For example, a Reverse Proxy Server can perform load balancing for a cluster of FTP servers behind it.
  • If more than one servers in the internal network provides SSL encryption, a Reverse Proxy Server can be used to do the SSL encryption using SSL acceleration hardware. The internal servers can use a single SSL proxy to provide SSL encryption, thus eliminating the need of using separate SSL certificates for the internal servers.
  • A Reverse Proxy server can cache static contents of the internal web servers behind it and thus reducing the load to the web servers.
  • A Reverse Proxy Server can also provide optimization and compression of contents to reduce the load time of the service.
  • If the requesting external clients are very slow, a Reverse Proxy Server can cache the contents from the internal servers behind it and slowly feed them to the slow external clients.


So, to summarize, for a Forward Proxy Server, connection requests come from a group of internal clients behind the proxy server and passes through the prxy server hiding the IP address of the requesting internal client. And, for a Reverse Proxy Server, connection requests come from external clients to a group of internal servers behind the proxy server and the connections pass through the proxy server hiding the IP addresses of the internal servers.



Open Proxy Server


An Open Proxy Server is a proxy server that is accessible by any internet user. If an internet user uses an Open Proxy Server, all the connection requests as well as the responses will pass through the Open Proxy Server, hiding the IP address of the internet user. So, using an Open Proxy Server a user can hide his IP address against the requested web servers or internet content providers.



Why to use an Open Proxy Server ?


An Open Proxy Server can help the user in hiding his IP address against the requested internet content provider servers. But, please note that anonymity or extensive internet security might not be achieved by using an Open Proxy Server alone.


Proxy vs NAT


The main difference between a proxy and a NAT lies in the layers in the OSI Reference Model in which they operate. A proxy works mostly in layer 7 of the OSI Reference Model. And, a NAT works in layer 3. As they operate in two different layers in the OSI Reference Model, their configuration also differs.

For NAT, configuring the gateway is sufficient. But, for a proxy, the destination of each packet that the requesting client generates must be changed to the proxy server, so one has to take care of that.

3 comments: