If not redirected, please click here https://www.thesecuritybuddy.com/network-security/what-is-a-proxy-server-and-how-does-it-work/
If you are a frequent internet user, it is very much likely that you have used or heard of Proxy Servers. Some of us might also have heard the terms Forward Proxy Servers and Reverse Proxy Servers. But, what are they actually ? How do they work ? And, how are they different from each other ?
If you are a frequent internet user, it is very much likely that you have used or heard of Proxy Servers. Some of us might also have heard the terms Forward Proxy Servers and Reverse Proxy Servers. But, what are they actually ? How do they work ? And, how are they different from each other ?
Let’s
understand that in details.
What are Proxy Servers ?
A
Proxy Server is a server that works as an intermediary between a
client requesting for a connection or service and a server that
provides the resources. All requests from the client as well as the responses from the server pass through the Proxy Server providing an
administrative control over the contents being relayed and hiding the
IP address of the host behind the Proxy Server at the same time.
We
will understand this in details.
Types of Proxy Servers
Depending
on how the Proxy server function, there are three main types of Proxy
Server :
-
Forward Proxy Server
-
Reverse Proxy Server
-
Open Proxy Server
Forward Proxy Server
A
Forward Proxy Server is a proxy server that provides proxy services
to a group of clients that are mostly part of an internal network.
When one of the clients in the internal network makes a connection
request, the request passes through the Forward Proxy Server. The
Forward Proxy Server looks at the request and decides on whether the
connection should proceed. And, based on that a connection is made to
the requested server providing the resources. The requested server
cannot see the IP address of the requesting client in the internal
network. It will view the connection as coming from the Forward Proxy
Server. The requested server will send a response to the Forward
Proxy Server and the proxy server will then forward the response to
the requesting client inside the internal network.
When is a Forward Proxy Server used ?
There
are a number of reasons of using a Forward Proxy Server :
-
A Forward Proxy Server typically works with a firewall. So, it can control the traffic originating from a client in the internal network and ensure security of the internal network.
-
A Forward Proxy Server acts as a single point of access and control of the clients in the internal network. As it can provide administrative control over the contents being relayed, it is easier to enforce security policies using a Forward Proxy Server.
-
A Forward Proxy Server helps in hiding the IP addresses of the clients in the internal network providing security to the internal clients.
Reverse Proxy Server
When
a group of servers provide resources to external clients, we can use
another type of proxy server called Reverse Proxy Server to ensure
security of the group of servers providing services. In case of a
Reverse Proxy Server, when an external client makes a request to one
of the servers in the internal network, the request passes through
the Reverse Proxy Server. If the connection should be allowed, the
internal server sends the response through the Reverse Proxy Server.
The external client cannot see the IP address of the internal server.
It would view the connection as coming from the Reverse Proxy
Server. So, while a Forward Proxy Server hides the IP addresses of
the internal clients requesting for services, a Reverse Proxy Server
helps in hiding the IP addresses of the internal servers providing
services.
When is a Reverse Proxy Server used ?
There
are a number of reasons for using a Reverse Proxy Server :
-
As a Reverse Proxy Server hides the IP addresses of the internal servers, it creates much inconvenience for the attackers to make an attack to the internal servers for the purpose of stealing data or making even more attacks.
-
A Reverse Proxy Server also works along with a firewall. As it works as a single point of access and control to the internal servers, it can have administrative control over the contents being relayed and enforce security to the internal servers.
-
A Reverse Proxy Server can also act as a load balancer to the group of internal servers behind it. When a Reverse Proxy Server receives a large volume of incoming requests, it can perform load balancing and distribute the incoming traffic to the cluster of servers that provide same kind of service. For example, a Reverse Proxy Server can perform load balancing for a cluster of FTP servers behind it.
-
If more than one servers in the internal network provides SSL encryption, a Reverse Proxy Server can be used to do the SSL encryption using SSL acceleration hardware. The internal servers can use a single SSL proxy to provide SSL encryption, thus eliminating the need of using separate SSL certificates for the internal servers.
-
A Reverse Proxy server can cache static contents of the internal web servers behind it and thus reducing the load to the web servers.
-
A Reverse Proxy Server can also provide optimization and compression of contents to reduce the load time of the service.
-
If the requesting external clients are very slow, a Reverse Proxy Server can cache the contents from the internal servers behind it and slowly feed them to the slow external clients.
So,
to summarize, for a Forward Proxy Server, connection requests come
from a group of internal clients behind the proxy server and passes
through the prxy server hiding the IP address of the requesting
internal client. And, for a Reverse Proxy Server, connection requests
come from external clients to a group of internal servers behind the
proxy server and the connections pass through the proxy server hiding
the IP addresses of the internal servers.
Open Proxy Server
An
Open Proxy Server is a proxy server that is accessible by any
internet user. If an internet user uses an Open Proxy Server, all the
connection requests as well as the responses will pass through the
Open Proxy Server, hiding the IP address of the internet user. So,
using an Open Proxy Server a user can hide his IP address against the
requested web servers or internet content providers.
Why to use an Open Proxy Server ?
An
Open Proxy Server can help the user in hiding his IP address against
the requested internet content provider servers. But, please note
that anonymity or extensive internet security might not be achieved
by using an Open Proxy Server alone.
Proxy vs NAT
The
main difference between a proxy and a NAT lies in the layers in the
OSI Reference Model in which they operate. A proxy works mostly in
layer 7 of the OSI Reference Model. And, a NAT works in layer 3. As
they operate in two different layers in the OSI Reference Model,
their configuration also differs.
For
NAT, configuring the gateway is sufficient. But, for a proxy, the
destination of each packet that the requesting client generates must
be changed to the proxy server, so one has to take care of that.
So,
this article gives an overview of how proxy works. Hope it helped.
Read More
How do NAT and VPN work ?
How does Web Application Firewall work ?
What is IPSec ?
PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2 VPN - How are they different from each other ?
What is SSL VPN and how is it different from IPSec VPN ?
How does Network Segmentation improve security and what is VLAN ?
Read More
How do NAT and VPN work ?
How does Web Application Firewall work ?
What is IPSec ?
PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2 VPN - How are they different from each other ?
What is SSL VPN and how is it different from IPSec VPN ?
How does Network Segmentation improve security and what is VLAN ?