In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.
The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client.
A proxy server may optionally alter the client’s request or the server’s response, and sometimes it may serve the request without contacting the specified server. In this case, it ‘caches’ responses from the remote server, and answers subsequent requests for the same content directly.
Put another way, a proxy server is a server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.
A proxy server has many potential purposes, including:
To keep machines behind it anonymous (mainly for security).
To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
To apply access policy to network services or content, e.g. to block undesired sites.
To log/audit usage, i.e. to provide company employee Internet usage reporting.
To bypass security/parental controls.
To scan transmitted content for malware before delivery.
To scan outbound content, e.g., for data leak protection.
To circumvent regional restrictions.
# Improve Performance: Proxy servers can dramatically improve performance for groups of users. This is because the proxy saves the results of all requests for a certain amount of time. Consider the case where both user X and user Y access the World Wide Web through a proxy server. First user X requests a certain Web page, which we’ll call Page 1.
Sometime later, user Y requests the same page. Instead of forwarding the request to the Web server where Page 1 resides, which can be a time-consuming operation, the proxy server simply returns the Page 1 that it already fetched for user X. Since the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. The major online services such as America Online, MSN and Yahoo, for example, employ an array of proxy servers.
# Filter Requests: Proxy servers can also be used to filter requests. For example, a company might use a proxy server to prevent its employees from accessing a specific set of Web sites.
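The two behaviours above can be seen together in a small model. This is an added example, not code from the original page: the class, the host names, the 60-second lifetime and the fake origin server are all constructed for illustration. The filter runs before the cache lookup, and only a cache miss reaches the real server.

```python
import time
from urllib.parse import urlsplit

class CachingFilterProxy:
    """Toy forward proxy: host blocklist first, then a TTL response cache."""

    def __init__(self, fetch, blocked_hosts, ttl=300, clock=time.monotonic):
        self.fetch = fetch        # callable(url) -> body, stands in for the origin request
        self.blocked = {h.lower() for h in blocked_hosts}
        self.ttl = ttl            # seconds a saved response stays valid
        self.clock = clock
        self.cache = {}           # url -> (expires_at, body)
        self.audit = []           # (client, url, outcome) usage log

    def handle(self, client, url):
        host = (urlsplit(url).hostname or "").lower()
        # Filter before the cache lookup so a blocked site is never served.
        if any(host == b or host.endswith("." + b) for b in self.blocked):
            self.audit.append((client, url, "DENIED"))
            return 403, None
        now = self.clock()
        entry = self.cache.get(url)
        if entry and entry[0] > now:
            self.audit.append((client, url, "HIT"))
            return 200, entry[1]
        body = self.fetch(url)    # only a miss reaches the real server
        self.cache[url] = (now + self.ttl, body)
        self.audit.append((client, url, "MISS"))
        return 200, body

def demo():
    """Constructed scenario: user X, then user Y, request Page 1."""
    origin_calls, now = [], [0.0]

    def origin(url):              # fake web server that counts its requests
        origin_calls.append(url)
        return "<html>Page 1</html>"

    proxy = CachingFilterProxy(origin, {"blocked.example"}, ttl=60,
                               clock=lambda: now[0])
    page1 = "http://www.example.com/page1"
    proxy.handle("userX", page1)                          # fetched from origin
    now[0] = 10.0
    proxy.handle("userY", page1)                          # served from cache
    proxy.handle("userY", "http://ads.blocked.example/")  # policy block
    now[0] = 100.0
    proxy.handle("userX", page1)                          # entry expired
    return [outcome for _, _, outcome in proxy.audit], len(origin_calls)
```

The audit list doubles as the usage log mentioned in the list of purposes: every request is recorded with the client and the outcome, including requests that never left the proxy.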
A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes a tunneling proxy. A proxy server can be placed in the user’s local computer or at various points between the user and the destination servers on the Internet.
A reverse proxy is (usually) an internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.
Proxy Services
Proxy services are specialized application or server programs that run on a firewall host: either a dual-homed host with an interface on the internal network and one on the external network or some other bastion host that has access to the Internet and is accessible from the internal machines.
These programs take users’ requests for Internet services (such as FTP and Telnet) and forward them, as appropriate according to the site’s security policy, to the actual services. The proxies provide replacement connections and act as gateways to the services. For this reason, they are sometimes known as application-level gateways.
Proxy services sit, more or less transparently, between a user on the inside (on the internal network) and a service on the outside (on the Internet). Instead of talking to each other directly, each talks to a proxy. Proxies handle all the communication between users and Internet services behind the scenes.
Transparency is the major benefit of proxy services. It is essentially smoke and mirrors. To the user, a proxy server presents the illusion that the user is dealing directly with the real server.
To the real server, the proxy server presents the illusion that the real server is dealing directly with a user on the proxy host (as opposed to the user’s real host).
Proxy services are effective only when they’re used in conjunction with a mechanism that restricts direct communications between the internal and external hosts. Dual-homed hosts and packet filtering are two such mechanisms. If internal hosts are able to communicate directly with external hosts, there’s no need for users to use proxy services, and so (in general) they won’t. Such a bypass probably isn’t in accordance with your security policy.
As the figure shows, a proxy service requires two components: a proxy server and a proxy client. In this situation, the proxy server runs on the dual-homed host. A proxy client is a special version of a normal client program (i.e., a Telnet or FTP client) that talks to the proxy server rather than to the “real” server out on the Internet; in addition, if users are taught special procedures to follow, normal client programs can often be used as proxy clients.
The proxy server evaluates requests from the proxy client, and decides which to approve and which to deny. If a request is approved, the proxy server contacts the real server on behalf of the client (thus the term “proxy”), and proceeds to relay requests from the proxy client to the real server, and responses from the real server to the proxy client.
In some proxy systems, instead of installing custom client proxy software, you’ll use standard software, but set up custom user procedures for using it.
The proxy server doesn’t always just forward users’ requests on to the real Internet server. The proxy server can control what users do, because it can make decisions about the requests it processes. Depending on your site’s security policy, requests might be allowed or refused.
For example, the FTP proxy might refuse to let users export files, or it might allow users to import files only from certain sites. More sophisticated proxy services might allow different capabilities to different hosts, rather than enforcing the same restrictions on all hosts.
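The FTP case just described can be written as a per-command decision function. This is an added example, not code from the original page or from any proxy product: the policy table, networks and site names are constructed, and the mapping of “export” to the FTP upload commands and “import” to RETR is an assumption made here. Commands the proxy does not recognise are refused by default.

```python
import ipaddress

UPLOAD = {"STOR", "STOU", "APPE"}    # client sends a file out ("export")
DOWNLOAD = {"RETR"}                  # client pulls a file in ("import")
CONTROL = {"USER", "PASS", "CWD", "PWD", "LIST", "NLST", "TYPE",
           "PASV", "EPSV", "QUIT"}   # session commands relayed as-is

# Constructed policy; the first rule whose network contains the client wins.
POLICY = [
    {"clients": "10.0.5.0/24", "export": True, "import_from": None},  # None = any site
    {"clients": "10.0.0.0/8", "export": False,
     "import_from": {"ftp.example.org", "mirror.example.net"}},
]


def decide(client_ip, server, command_line, policy=POLICY):
    """Return (verdict, reason) for one FTP command from a proxy client."""
    words = command_line.split()
    verb = words[0].upper() if words else ""
    ip = ipaddress.ip_address(client_ip)
    rule = next((r for r in policy
                 if ip in ipaddress.ip_network(r["clients"])), None)
    if rule is None:
        return "DENY", "client host not covered by policy"
    if verb in UPLOAD:
        if rule["export"]:
            return "ALLOW", "export permitted for this host"
        return "DENY", "export not permitted for this host"
    if verb in DOWNLOAD:
        sites = rule["import_from"]
        if sites is None or server.lower() in sites:
            return "ALLOW", "import permitted from this site"
        return "DENY", "import not permitted from this site"
    if verb in CONTROL:
        return "ALLOW", "session command"
    return "DENY", "command not recognised by the proxy"   # default deny
```

Because the more specific 10.0.5.0/24 rule is listed first, hosts in that network get different capabilities from the rest of 10.0.0.0/8, which is the per-host variation the paragraph describes.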
Construction of Proxy
There is some excellent software available for proxying. SOCKS is a proxy construction toolkit, designed to make it easy to convert existing client/server applications into proxy versions of the same applications. The Trusted Information Systems Internet Firewall Toolkit (TIS FWTK) includes proxy servers for a number of common Internet protocols, including Telnet, FTP, HTTP, rlogin, X11, and others; these proxy servers are designed to be used in conjunction with custom user procedures.
Many standard client and server programs, both commercial and freely available, now come equipped with their own proxying capabilities, or with support for generic proxy systems like SOCKS. These capabilities can be enabled at run time or compile time.