Proxy Servers – Forward Proxy and Reverse Proxy

What is a Proxy Server?

As the name implies, a proxy server is an intermediary between your PC or device and the Internet. This server makes requests to websites, servers and services on the Internet for you.

A proxy server works by intercepting connections between sender and receiver. All incoming data enters through one port and is forwarded to the rest of the network via another port. By blocking direct access between two networks, proxy servers make it much more difficult for hackers to get internal addresses and details of a private network.

The Forward Proxy

A forward proxy provides proxy services to a client or a group of clients. Oftentimes, these clients belong to a common internal network like the one shown below.

[Figure: clients in an internal network connecting through a forward proxy and a firewall to a file transfer server on the Internet]

When one of these clients makes a connection attempt to that file transfer server on the Internet, its requests have to pass through the forward proxy first.

Depending on the forward proxy’s settings, a request can be allowed or denied. If allowed, then the request is forwarded to the firewall and then to the file transfer server. From the point of view of the file transfer server, it is the proxy server that issued the request, not the client. So when the server responds, it addresses its response to the proxy.

But then when the forward proxy receives the response, it recognizes it as a response to the request that went through earlier. And so it in turn sends that response to the client that made the request.

Because proxy servers can keep track of requests, responses, their sources and their destinations, different clients can send out various requests to different servers through the forward proxy and the proxy will intermediate for all of them. Again, some requests will be allowed, while some will be denied.

As you can see, the proxy can serve as a single point of access and control, making it easier for you to enforce security policies. A forward proxy is typically used in tandem with a firewall to enhance an internal network’s security by controlling traffic originating from clients in the internal network that are directed at hosts on the Internet. Thus, from a security standpoint, a forward proxy is primarily aimed at enforcing security on client computers in your internal network.
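The allow/deny decision and request tracking described above can be modeled in a few lines. This is an added example, not code from the original page; the addresses, domain names and the `sample_origin` function are constructed for illustration. It also shows why policy rules should match on domain label boundaries rather than substrings.

```python
from dataclasses import dataclass, field

PROXY_ADDR = "203.0.113.10"   # constructed public address of the proxy

def host_matches(host: str, rule: str) -> bool:
    """True if host is the rule domain or a subdomain of it (label-boundary match)."""
    host, rule = host.lower().rstrip("."), rule.lower().rstrip(".")
    return host == rule or host.endswith("." + rule)

@dataclass
class ForwardProxy:
    denied: set                                # policy: domains clients may not reach
    log: list = field(default_factory=list)    # (client, destination, decision)

    def handle(self, client_ip: str, host: str, origin):
        """Apply policy, forward allowed requests, relay the response to the client."""
        if any(host_matches(host, rule) for rule in self.denied):
            self.log.append((client_ip, host, "DENY"))
            return {"status": 403, "body": "blocked by policy"}
        # The destination server only ever sees the proxy's address as the source.
        response = origin(source_ip=PROXY_ADDR, host=host)
        self.log.append((client_ip, host, "ALLOW"))
        return response

def sample_origin(source_ip: str, host: str):
    """Constructed stand-in for an Internet server; reports who it thinks called it."""
    return {"status": 200, "body": f"hello from {host}", "seen_source": source_ip}

def run_demo():
    proxy = ForwardProxy(denied={"social.example"})
    results = [
        proxy.handle("10.0.0.21", "files.example.org", sample_origin),
        proxy.handle("10.0.0.22", "chat.social.example", sample_origin),  # subdomain of a denied domain
        proxy.handle("10.0.0.23", "notsocial.example", sample_origin),    # different domain, not a subdomain
    ]
    return results, proxy.log

if __name__ == "__main__":
    for entry in run_demo()[1]:
        print(entry)
```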

But then client computers aren’t always the only ones you find in your internal network. Sometimes, you also have servers. And when those servers have to provide services to external clients (e.g. field staff who need to access files from your FTP server), a more appropriate solution would be a reverse proxy.

Benefits of a Forward Proxy Server

1. Control Internet Usage
One of the most important reasons why proxies are widely used in corporate networks is that they provide control over what employees are accessing and using on the Internet. For example, many companies ban certain websites, such as adult websites and popular social networks, so that they are not accessed by employees during work hours.

Forcing employees to access the Internet only through your company’s proxy also means that you have detailed logs of all the websites & content they accessed, when, for how long, etc. Detailed usage reports are available about each employee and the company can easily identify misbehaving users.

2. Bandwidth Savings & Improved Speed
Another reason why companies use proxy servers is that it helps them save precious bandwidth. Proxy servers can compress traffic, cache files and web pages from the Internet and even strip ads from websites before they reach your computer. This allows companies to save bandwidth, especially when they have hundreds or thousands of employees, accessing mostly the same popular websites (e.g. CNN news, New York Times, etc). When a web page is accessed, a proxy server can store it and, when the next person requests it, it first checks if the page has changed. If it hasn’t changed, it forwards the local copy without re-downloading the whole page. This both saves bandwidth for the company and makes the loading process faster for the next person that requests the same resource.

3. Privacy Benefits: Hide Your IP Address, Location & Other Information
When you load a website over a direct connection to the Internet, the server where it is hosted can see your IP address. With the help of this address, it can approximate your geographical location. The browser also sends its user agent information, so the website knows what browser you are using. On top of this, cookies are stored on your computer, which provide further personal information.

Proxy servers can hide your IP address (if they are set to do this), can send a different user agent so that your browser is not identified and can block cookies or accept them but not pass them to your PC or device. Therefore, when using a proxy server, you can be a lot more anonymous than when using a direct connection to the Internet.

4. Proxy Servers Can Improve Security
Proxy servers may also have a role in improving security, especially when used in business networks. They can be set to block access to malicious websites that distribute malware and they can also provide encryption services so that your data is not easily sniffed by third parties that want to get their hands on it.
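The "check if the page has changed" step described under Bandwidth Savings above is typically done with a conditional request. The following added example (not from the original page) simulates it with an ETag validator; the `Origin` class, the URL and the page bodies are constructed for illustration.

```python
import hashlib

class Origin:
    """Constructed stand-in for a web server that supports ETag revalidation."""
    def __init__(self):
        self.pages = {}
        self.body_bytes_sent = 0

    def get(self, url, if_none_match=None):
        body = self.pages[url]
        etag = hashlib.sha256(body).hexdigest()[:16]
        if if_none_match == etag:
            return 304, etag, b""          # unchanged: status only, no body sent
        self.body_bytes_sent += len(body)
        return 200, etag, body

class CachingProxy:
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}                    # url -> (etag, body)

    def fetch(self, url):
        """Return (body, source), where source is 'origin' or 'cache'."""
        cached = self.cache.get(url)
        validator = cached[0] if cached else None
        status, etag, body = self.origin.get(url, validator)
        if status == 304:
            return cached[1], "cache"      # serve the local copy
        self.cache[url] = (etag, body)     # new or changed page: store it
        return body, "origin"

def run_demo():
    origin = Origin()
    url = "http://news.example/front"      # constructed URL
    origin.pages[url] = b"<html>morning edition</html>"
    proxy = CachingProxy(origin)
    first = proxy.fetch(url)               # full download
    second = proxy.fetch(url)              # revalidated, served from cache
    sent_after_two = origin.body_bytes_sent
    origin.pages[url] = b"<html>evening edition</html>"
    third = proxy.fetch(url)               # page changed, downloaded again
    return first, second, third, sent_after_two

if __name__ == "__main__":
    print(run_demo())
```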

The Reverse Proxy

As its name implies, a reverse proxy does the exact opposite of what a forward proxy does. While a forward proxy proxies on behalf of clients (or requesting hosts), a reverse proxy proxies on behalf of servers. A reverse proxy accepts requests from external clients on behalf of servers stationed behind it, as the figure below illustrates.

[Figure: external clients connecting through a reverse proxy to the file transfer servers behind it]

To the client in our example, it is the reverse proxy that is providing file transfer services. The client is oblivious to the file transfer servers behind the proxy, which are actually providing those services. In effect, whereas a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers. An Internet-based attacker would therefore find it considerably more difficult to acquire data found in those file transfer servers than if he did not have to deal with a reverse proxy.

Just like forward proxy servers, reverse proxies also provide a single point of access and control. You typically set it up to work alongside one or two firewalls to control traffic and requests directed to your internal servers.

In most cases, reverse proxy servers also act as load balancers for the servers behind them. Load balancers play a crucial role in providing high availability to network services that receive large volumes of requests. When a reverse proxy performs load balancing, it distributes incoming requests to a cluster of servers, all providing the same kind of service. So, for instance, a reverse proxy load balancing FTP services will have a cluster of FTP servers behind it.

Both types of proxy servers relay requests and responses between source and destination machines. But in the case of reverse proxy servers, client requests that go through them normally originate from the Internet, while, in the case of forward proxies, client requests normally come from the internal network behind them.

Benefits of a Reverse Proxy Server

1. Encryption / SSL acceleration: when secure web sites are created, the Secure Sockets Layer (SSL) encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. Furthermore, a host can provide a single “SSL proxy” to provide SSL encryption for an arbitrary number of hosts, removing the need for a separate SSL Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections.

2. Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations).

3. Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.

4. Compression: the proxy server can optimize and compress the content to speed up the load time.

5. Security: the proxy server is an additional layer of defense and can protect against some OS and Web Server specific attacks. However, it does not provide any protection from attacks against the web application or service itself, which is generally considered the larger threat.

6. Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewall server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.
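The load balancing and URL rewriting described above (item 2, and the earlier paragraph on load balancers) can be sketched together. This is an added example, not code from the original page; the public name, the internal host names, the routing table and `sample_backend` are constructed. It shows round-robin selection per application area and the rewrite that keeps internal addresses out of responses.

```python
import itertools

EXTERNAL_BASE = "https://www.example.com"    # constructed public name

# Constructed routing table: external path prefix -> pool of internal servers.
POOLS = {
    "/shop": ["http://shop-1.internal:8080", "http://shop-2.internal:8080"],
    "/docs": ["http://docs-1.internal:8080"],
}

class ReverseProxy:
    def __init__(self, pools):
        self.pools = pools
        self._next = {p: itertools.cycle(servers) for p, servers in pools.items()}

    def route(self, path):
        """Pick the matching prefix and the next backend in its pool (round robin)."""
        for prefix in sorted(self.pools, key=len, reverse=True):
            if path == prefix or path.startswith(prefix + "/"):
                return prefix, next(self._next[prefix])
        return None, None

    def rewrite(self, body):
        """Translate internal URLs in a response to the externally known ones."""
        for prefix, servers in self.pools.items():
            for server in servers:
                body = body.replace(server, EXTERNAL_BASE + prefix)
        return body

    def handle(self, path, backend_app):
        """Return (status, body, backend); backend is returned only for this demo."""
        prefix, backend = self.route(path)
        if backend is None:
            return 404, "", None
        internal_path = path[len(prefix):] or "/"
        body = backend_app(backend, internal_path)
        return 200, self.rewrite(body), backend

def sample_backend(base, path):
    """Constructed backend that embeds its own internal address in a link."""
    return f'<a href="{base}/cart">cart</a> served {path}'

if __name__ == "__main__":
    proxy = ReverseProxy(POOLS)
    for _ in range(3):
        print(proxy.handle("/shop/items", sample_backend))
```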

