Some home networks, corporate intranets, and Internet Service Providers (ISPs) use proxy servers (also known as proxies). Proxy servers act as a “middleman” or broker between the two ends of a client/server network connection by intercepting all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers work well between Web browsers and servers, or other applications, by supporting underlying network protocols like HTTP.
Proxy servers have two main purposes. One thing it can do is that it can dramatically improve performance for groups of users. This is because it saves the results of all requests for a certain amount of time. Consider the case where both user X and user Y access the World Wide Web through a proxy server. First user X requests a certain Web page, which will be called Page 1. Sometime later, user Y requests the same page. Instead of forwarding the request to the Web server where Page 1 resides, which can be a time-consuming operation, the proxy server simply returns the Page 1 that it already fetched for user X. Since the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. The major online services such as America Online, MSNand Yahoo, for example, employ an array of proxy servers.
Another feature of proxy servers is that it can filter requests. For example, a company might use a proxy server to prevent its employees from accessing a specific set of Web sites.
Proxies can do many other things. For example, they could translate multiple languages. They could shrink the size of a response so it fits on ones mobile phone webscreen. They could also filter nasty language or subjects.
Firewalling and Filtering- Proxy Servers
Proxy servers work at the Application layer (Layer 7) of the OSI model. As such, they aren’t as popular as ordinary firewalls that work at lower layers and support application-independent filtering. Proxy servers are also more difficult to install and maintain than firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured individually. But, a properly configured proxy server improves network security and performance. Proxies have capability that ordinary firewalls simply cannot provide.
Some network administrators deploy both firewalls and proxy servers to work in together. To do this, they install both firewall and proxy server software on a server gateway.
Connection Sharing with Proxy Servers
Various software products for connection sharing on small home networks have appeared in recent years. In medium- and large-sized networks, however, actual proxy servers offer a more scalable and cost-effective alternative for shared Internet access. Rather than give each client computer a direct Internet connection, all internal connections can be funneled through one or more proxies that in turn connect to the outside.
Proxy Servers and Caching
The caching of Web pages by proxy servers can improve a network’s “quality of service” in three ways. First, caching may conserve bandwidth on the network, increasing scalability. Next, caching can improve response time experienced by clients. With an HTTP proxy cache, for example, Web pages can load more quickly into the browser. Finally, proxy server caches increase availability. Web pages or other files in the cache remain accessible even if the original source or an intermediate network link goes offline.
Types of Proxy servers
Proxies that attempt to block offensive web content are implemented as web proxies. Other web proxies reformat web pages for a specific purpose or audience; for example, Skweezer reformats web pages for cell phones and PDAs. Network operators can also deploy proxies to intercept computer viruses and other hostile content served from remote web pages.
A special case of web proxies are “CGI proxies.” These are web sites that allow a user to access a site through them. They generally use PHP orCGI to implement the proxying functionality.CGIproxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user’s own IP address from the web sites they access through the proxy, they are sometimes also used to gain a degree of anonymity, called “Proxy Avoidance.
Many organizations — including corporations, schools, and families — use a proxy server to enforce acceptable network use policies (see content-control software) or to provide security, anti-malware and/or caching services. A traditional web proxy is not transparent to the client application, which must be configured to use the proxy (manually or with a configuration script). In some cases, where alternative means of connection to the Internet are available (e.g. a SOCKS server or NAT connection),
the user may be able to avoid policy control by simply resetting the client configuration and bypassing the proxy. Furthermore administration of browser configuration can be a burden for network administrators.
An intercepting proxy, often incorrectly called transparent proxy (also known as a forced proxy) combines a proxy server with NAT. Connections made by client browsers through the NAT are intercepted and redirected to the proxy without client-side configuration (or often knowledge).
Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.
Intercepting proxies are also commonly used by Internet Service Providers in many countries in order to reduce upstream link bandwidth requirements by providing a shared cache to their customers.
It is often possible to detect the use of an intercepting proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.
Some poorly implemented intercepting proxies have historically had certain downsides, e.g. an inability to use user authentication if the proxy does not recognize that the browser was not intending to talk to a proxy. Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems). A well-implemented proxy should not inhibit browser authentication at all.
An open proxy is a proxy server which will accept client
connections from any IP address and make connections to any Internet resource. Abuse of open proxies is currently implicated in a significant portion of e-mail spam delivery. Spammers frequently install open proxies on unwitting end users’ operating systems by means of computer viruses designed for this purpose. Internet Relay Chat (IRC) abusers also frequently use open proxies to cloak their identities.
Because proxies might be used for abuse, system administrators have developed a number of ways to refuse service to open proxies. IRC networks such as the Blitzed network automatically test client systems for known types of open proxy. Likewise, an
email server may be configured to automatically test e-mail senders for open proxies, using software such as Michael Tokarev’s “proxycheck.”
Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL,CBL, NJABL, and SORBS.
The ethics of automatically testing
clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be equivalent to an attacker portscanning the client host. Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.
A reverse proxyis a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:
- Security: the proxy server is
- An additional layer of defense and therefore protects the web servers further up the chain.
- Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer.
- Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations)
A split proxy is effectively a pair of proxies installed across two computers. Since they are effectively two parts of the same program, they can communicate with each other in a more efficient way than they can communicate with a more standard resource or tool such as a website or browser. This is ideal for compressing data over a slow link, such as a wireless or mobile data service and also for reducing the issues regarding high latency links (such as satellite internet) where establishing aTCP connection is
time consuming. Taking the example of web browsing, the user’s browser is pointed to a local proxy which then communicates with its other half at some remote location. This remote server fetches the requisite data, repackages it and sends it back to the user’s local proxy, which unpacks the data and presents it to the browser in the standard fashion.
Anonymous Proxy Servers
Anonymous proxy servers hide ones IP address and thereby prevent unauthorized access to that computer through the Internet. They do not provide anyone with that IP address and effectively hide all information about the user at hand. Besides that, they don’t even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc. ProxySite.com – a place where the huge list of public proxies is compiled. In a database you always can find the most modern lists, the Proxy is checked every minute, and the list is updated daily from various sources. The system uses the latest algorithm for set and sortings of servers by proxy, servers for anonymous access are checked. Results of Search always can be kept in file Excel.