A proxy, or proxy server, in a computer network is a server (a program or a device) that acts as an intermediary for requests for resources made by a client (A) to another server (C). For example, if a hypothetical machine A requests a resource from C, it does so by means of a request to B, which in turn transfers the request to C; thus C will not know that the request originally came from A. This strategic intermediate position allows the proxy to offer various functionalities: access control, traffic logging, restriction of certain types of traffic, performance improvement, anonymous communication, web caching, etc. Depending on the context, the intermediation that the proxy performs can be considered legitimate or criminal by users, administrators or providers, and its use is frequently debated.
The English word proxy means attorney in Spanish.
- Most commonly, a proxy server is a piece of computer equipment that intercepts network connections made from a client to a destination server.
- The most popular is the web proxy server. It intervenes in browsing the web, for different purposes: security, performance, anonymity, etc.
- There are specific proxies for other protocols, such as the FTP proxy.
- The ARP proxy can act as a router in a network, since it acts as an intermediary between computers.
- Proxy is also a design pattern (programming) with the same scheme as the network proxy.
- A hardware component can also act as an intermediary for others.
As you can see, proxy has a very general meaning, although it is always synonymous with an intermediary. When a computer on the network wants to access information or a resource, it is actually the proxy that makes the communication and then transfers the result to the computer that requested it.
There are two types of proxies depending on who wants to implement the proxy policy:
- Local proxy: the one who wants to implement the policy is the same one that makes the request, hence the name. Local proxies usually run on the same machine as the client making the requests. They are widely used so that the client can control traffic and establish filtering rules that, for example, ensure that private information is not revealed (filtering proxies for privacy improvement).
- Network proxy or external proxy: the one who wants to implement the proxy policy is an external entity, hence the name. External proxies are usually used to implement caches, block content, control traffic, share IP addresses, etc.
Advantages and disadvantages
In general, not only in computing, proxies make it possible:
- Control: only the intermediary does the actual work, so users' rights can be limited and restricted, and permissions need be given only to the proxy server.
- Savings: only one of the users (the proxy) has to be prepared to do the real work. Being prepared means that it is the only one that needs the resources necessary to do that work. Examples of resources required to perform the function may be the capacity and logic of the external network (IP) address.
- Speed: if several clients are going to request the same resource, the proxy can cache, that is, save the response to a request and give it directly when another user requests it. That way it does not have to contact the destination again, and it finishes faster.
- Filtering: The proxy may refuse to respond to some requests if it detects that they are prohibited.
- Modification: as an intermediary, a proxy can falsify information, or modify it following an algorithm.
- Connect safely without giving your IP.
In general, the use of an intermediary can cause:
- Anonymity: if all users identify themselves as one, it is difficult for the accessed resource to differentiate them. But this can be bad, for example when identification is required.
- Abuse: by being willing to receive requests from many users and respond to them, the proxy may be doing work that it should not be doing. Therefore, it has to control who has access and who does not, which is normally very difficult.
- Load: a proxy has to do the work of many users.
- Intrusion: it is one more step between origin and destination, and some users may not want to go through the proxy, even less so if it caches and saves copies of the data.
- Inconsistency: if it caches, it may be wrong and give an old response when there is a newer one on the target resource. In reality this problem does not exist with current proxy servers, since they connect to the remote server to verify that the version they have in cache is still the same as the one on the remote server.
- Irregularity: the fact that the proxy represents more than one user causes problems in many scenarios, specifically those that presuppose direct communication between 1 sender and 1 receiver (such as TCP/IP).
The proxy concept is applied in many different ways to provide specific functionalities.
Proxy Cache
It preserves the content requested by the user to speed up the response in future requests for the same information from the same machine or others. Usually these are HTTP/HTTPS proxies accessing web content. This feature is especially necessary in networks with poor Internet access, although users often perceive it as an intrusion that limits their privacy against direct individual connections.
Web proxy
It is a proxy for a specific application: access to the web with the HTTP and HTTPS protocols, and additionally FTP. Aside from the general utility of a proxy, it can provide a shared cache for downloaded web pages and content, then acting as a cache-proxy server. This cache is shared by multiple users with the consequent improvement in access times for matching queries and relieving the access links to the Internet.
Operation: The user makes a request (for example, in a web browser) for an Internet resource (a web page or any other file) specified by a URL. When the proxy cache receives the request, it looks for the URL in its local cache. If it is found, the proxy checks the date and time of the requested page version against the remote server. If the page hasn't changed since it was cached, the proxy returns it immediately, saving a lot of traffic since it only sends a packet over the network to check the version. If the version is old or simply not found in the cache, the proxy requests it from the remote server, returns it to the requesting client, and saves or updates a copy in its cache for future requests.
Web proxies can provide a series of interesting functionalities in different areas:
Reduced traffic by implementing a cache in the proxy. Requests for web pages are made to the proxy server and not directly to the Internet. Therefore, the traffic on the network is lightened and the destination servers are relieved, since fewer requests reach them.
The cache normally uses a configurable algorithm to determine when a document is out of date and should be removed from the cache. As configuration parameters it uses the age, size and access history. Two of those basic algorithms are LRU (Least Recently Used) and LFU (Least Frequently Used).
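The lookup, version check and eviction steps described above can be followed in a small simulation. This is an added example, not code from any real proxy: `Origin` and `CachingProxy` are hypothetical names, the origin server is a constructed in-memory stand-in, and a simple version counter replaces the date-and-time comparison.

```python
from collections import OrderedDict

class Origin:
    """Constructed stand-in for the remote web server (no network needed)."""
    def __init__(self):
        self.pages = {}           # url -> (version, body)
        self.full_fetches = 0     # responses that carried a body
        self.version_checks = 0   # cheap "has it changed?" answers

    def publish(self, url, body):
        version = self.pages.get(url, (0, None))[0] + 1
        self.pages[url] = (version, body)

    def get(self, url, cached_version=None):
        version, body = self.pages[url]
        if cached_version == version:
            self.version_checks += 1
            return version, None  # not modified: no body is sent
        self.full_fetches += 1
        return version, body

class CachingProxy:
    def __init__(self, origin, capacity=2):
        self.origin = origin
        self.capacity = capacity
        self.cache = OrderedDict()  # url -> (version, body), least recent first

    def fetch(self, url):
        cached = self.cache.get(url)
        version, body = self.origin.get(url, cached[0] if cached else None)
        if body is None:            # cached copy is still current
            body = cached[1]
        self.cache[url] = (version, body)
        self.cache.move_to_end(url)          # mark as most recently used
        if len(self.cache) > self.capacity:
            self.cache.popitem(last=False)   # LRU: drop the least recently used
        return body

def demo():
    base = "http://example.test/"            # constructed URLs
    origin = Origin()
    for name in ("a", "b", "c"):
        origin.publish(base + name, name + "-v1")
    proxy = CachingProxy(origin, capacity=2)
    first = proxy.fetch(base + "a")          # miss: full fetch from the origin
    second = proxy.fetch(base + "a")         # hit: only a version check
    origin.publish(base + "a", "a-v2")       # the page changes at the origin
    third = proxy.fetch(base + "a")          # stale copy detected and replaced
    proxy.fetch(base + "b")
    proxy.fetch(base + "c")                  # cache is full: "a" is evicted
    return first, second, third, list(proxy.cache), origin.full_fetches, origin.version_checks
```

Because the cache is shared, every client of the proxy receives the copy stored by whichever client fetched it first, which is why the version check on each hit matters.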
Improved response time by implementing a cache in the proxy. The proxy server creates a cache that prevents identical transfers of information between servers for a time (configured by the administrator), so the user receives a faster response. For example, suppose we have an ISP that has a caching proxy server. If a client of that ISP sends a request to Google, for example, it will reach the ISP's proxy server and will not go directly to the IP address of the Google domain. This specific page is requested by a high percentage of users, therefore the ISP retains it in its proxy for a certain time and returns a response in much less time. When the user creates a Google search the Proxy server is no longer used;
P2P programs can take advantage of the cache provided by some proxies. This is the so-called Webcache. For example, it is used in Lphant and some eMule mods.
The proxy can be used to implement content filtering functions. This requires configuring a series of restrictions that indicate what is not allowed. Note that this functionality can be used not only to keep certain users from accessing certain content, but also to filter files that can be considered dangerous, such as viruses and other hostile content served by remote web servers.
A proxy can hide the identity of whoever requests certain content from the web server. The only thing the web server detects is that the proxy's IP address requests certain content; it cannot determine the source IP of the request. Also, if a cache is used, the content may be accessed many more times than the web server hosting it detects.
Proxies can be used to provide a web service to a higher user demand than would be possible without them.
The proxy server can modify the content that the original web servers serve. There may be different motivations for doing this. Let's look at some examples:
- Some proxies change the format of web pages for a specific purpose or audience (e.g. to display a page on a mobile phone or PDA) by translating the content.
- There are proxies that modify web traffic to improve the privacy of web traffic with the server. For this, some rules are established that the proxy must comply with.
This type of proxy is often run on the users' own machines (local proxies) as an intermediate step, so that requests are not sent to or received from the network without first having been cleaned of dangerous or private information or content. It is typical in environments where there is a lot of concern about privacy, and is usually used as a step before requesting content through a network that seeks anonymity, such as Tor. The most common programs for this kind of functionality are:
- Privoxy: focuses on web content. It does not provide caching. It analyzes traffic based on predefined rules that are associated with addresses specified by regular expressions and that apply to headers, content, etc. It is highly configurable and has extensive documentation.
- Polipo: has characteristics that make it faster than Privoxy (caching, pipelining, intelligent use of request ranges). Its disadvantage is that it is not configured by default to provide anonymity at the application layer.
The proxy server provides a point from which the web traffic of many users can be centrally managed. That can be used for many functions in addition to the typical ones seen above. For example, it can be used to control the web traffic of specific individuals, or to establish how to reach the web servers from which the content is to be obtained (for example, the proxy can be configured so that, instead of obtaining the content directly, it does so through the Tor network).
Disadvantages
If performing a caching service, the displayed pages may not be up to date if they have been modified since the last cache proxy load.
A web designer can indicate in their web content that browsers do not cache their pages, but this method does not usually work for a proxy.
Accessing the Internet through a proxy, instead of through a direct connection, makes it difficult (the proxy must be properly configured) to carry out advanced operations through some ports or protocols.
Storing the pages and objects that users request can be a violation of privacy for some people.
Web Proxy Applications
Its operation is based on that of an HTTP/HTTPS proxy, but in this case the user accesses the service manually from the web browser through a web application. That HTTP server, the intermediary, receives the request through a URL, accesses the requested web server and returns the content on its own page.
SOCKS servers differ from other proxies by using a specific protocol, the SOCKS protocol, instead of HTTP. The client program is both an HTTP client and a SOCKS client. The client negotiates a connection to the SOCKS proxy server using the SOCKS protocol, at layer 5 (the session layer) of the OSI model. Once the connection is established, all communications between the client and the proxy are made using the SOCKS protocol. The client tells the SOCKS proxy what it wants and the proxy communicates with the external web server, gets the results, and sends them to the client. In this way, the external server only has to be accessible from the SOCKS proxy, which is the one that is going to communicate with it.
The client that communicates with SOCKS can be in the application itself (e.g. Firefox, PuTTY), or in the TCP/IP protocol stack, where the application sends its packets into a SOCKS tunnel. In the SOCKS proxy, it is common to implement, as in most proxies, session authentication and registration.
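The negotiation described above, shown as the bytes each side sends. This is an added example, not part of the original article; it assumes SOCKS version 5 as specified in RFC 1928 with the "no authentication" method, and the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
NO_AUTH, NO_ACCEPTABLE_METHOD = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03

def client_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([SOCKS_VERSION, len(methods), *methods])

def parse_method_selection(data):
    """Proxy -> client: VER, METHOD chosen by the proxy."""
    ver, method = struct.unpack("!BB", data[:2])
    if ver != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 message")
    if method == NO_ACCEPTABLE_METHOD:
        raise PermissionError("proxy accepted none of the offered methods")
    return method

def connect_request(host, port):
    """Client -> proxy: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ValueError:
        # Not an IPv4 literal: send the name, so the proxy resolves it.
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

def parse_reply(data):
    """Proxy -> client: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT (IPv4 only here)."""
    ver, rep, _rsv, atyp = struct.unpack("!BBBB", data[:4])
    if ver != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 message")
    if atyp != ATYP_IPV4:
        raise ValueError("this example only decodes IPv4 bound addresses")
    bound = str(ipaddress.IPv4Address(data[4:8]))
    (bound_port,) = struct.unpack("!H", data[8:10])
    return rep, bound, bound_port   # rep == 0 means the connection succeeded
```

Every connection request names its destination in clear fields, which is what lets the proxy authenticate and record sessions per destination.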
In the origins of the web it was a popular web access protocol, but the rapid development of HTTP or even NAT proxies and other options for securing TCP/IP communications made it fall into almost absolute disuse by the 21st century.
Transparent proxies
Many organizations (including businesses, schools, and families) use proxies to enforce network usage policies or to provide security and caching services. Normally, a Web or NAT proxy is not transparent to the client application: it must be configured to use the proxy, manually. Therefore, the user can bypass the proxy simply by changing the settings.
A transparent proxy combines a proxy server with a firewall so that connections are intercepted and forwarded to the proxy without the need for configuration on the client, and usually without the user knowing of its existence. This type of proxy is commonly used by companies that provide Internet access.
Reverse Proxy
A reverse proxy is a proxy server located where one or more web servers are hosted. All traffic that comes from the Internet and is destined for one of these web servers is received by the proxy server. There are several reasons for this:
- Security: the proxy server is an additional layer of defense and therefore protects the web servers.
- SSL Encryption / Acceleration: when a secure website is created, SSL encryption is usually not done by the web server itself but on another machine, which may even be equipped with SSL/TLS acceleration hardware.
- Load Distribution: the proxy can distribute the load among several web servers. In this case, it may be necessary to rewrite the URL of each web page (translation of the external URL into the corresponding internal URL, depending on which server the requested information is located on).
- Static content cache: a reverse proxy can offload work from the web servers by storing static content such as images or other graphic content.
NAT Proxy (Network Address Translation) / Masking
Another mechanism to act as an intermediary in a network is NAT.
Network Address Translation (NAT) is also known as IP masking. It is a technique by which the source or destination addresses of IP packets are rewritten, replaced by others (hence the “masking”).
This is what happens when multiple users share a single Internet connection. A single public IP address is available and must be shared. Within the local area network (LAN) the computers use IP addresses reserved for private use, and the proxy is in charge of translating the private addresses to that single public address to make requests, as well as distributing the pages received to the internal user who requested them. These private addresses are usually chosen in ranges prohibited for use on the Internet, such as 192.168.x.x, 10.x.x.x, 172.16.x.x and 172.31.x.x.
This situation is very common in companies and homes with several networked computers and external access to the Internet. Access to the Internet through NAT provides a certain security, since in reality there is no direct connection between the outside and the private network, and thus our computers are not exposed to direct attacks from the outside.
Using NAT you can also allow limited access from the outside, by having requests that reach the proxy directed to a specific machine that has been designated for that purpose in the proxy itself.
The NAT function resides in firewalls and is very convenient because it needs no special configuration on the computers in the private network, which can access it as if it were a mere router.
Open proxy
This type of proxy is the one that accepts requests from any computer, whether or not it is connected to your network.
In this configuration, the proxy will execute any request from any computer that can connect to it, carrying it out as if it were the proxy's own request. This allows this type of proxy to be used as a gateway for the massive sending of spam emails. A proxy is normally used to store and redirect services such as DNS or web browsing, by caching requests on the proxy server, which improves the overall speed for users. This use is very beneficial, but when an "open" configuration is applied towards the entire Internet, the proxy becomes a tool for misuse.
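A check for the open configuration described above: decide whether a client belongs to the networks the proxy is meant to serve, and report requests in an access log that came from outside them. This is an added example, not taken from any proxy product; the allowed networks, the log format and the sample lines are constructed assumptions.

```python
import ipaddress

# Assumption: the networks this proxy is supposed to serve.
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed access-log lines in the form "<client ip> <method> <target>".
SAMPLE_LOG = """\
10.1.2.3 GET http://example.org/index.html
203.0.113.50 CONNECT mail.example.net:25
192.168.7.9 GET http://example.com/
203.0.113.50 CONNECT mail.example.net:25
198.51.100.7 GET http://example.org/
not-an-ip GET http://example.org/
"""

def is_allowed(client):
    """True only if the client address parses and lies in an allowed network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False              # unparseable source: fail closed
    return any(addr in net for net in ALLOWED_CLIENTS)

def outside_requests(log_text):
    """Group the requests made by clients outside the allowed networks."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue              # skip lines that do not match the assumed format
        client, method, target = fields
        if not is_allowed(client):
            hits.setdefault(client, []).append((method, target))
    return hits

if __name__ == "__main__":
    for client, requests in outside_requests(SAMPLE_LOG).items():
        print(client, len(requests), requests[0])
```

The same `is_allowed` test, applied before a request is served rather than afterwards to the log, is what turns an open proxy into one restricted to its own network.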
Due to the above, many servers, such as IRC or email servers, deny these proxies access to their services, normally using blacklists ("BlackList"). This gives them more reliable security.
Cross-Domain Proxy
Typically used by asynchronous web technologies (Flash, AJAX, Comet, etc.) that have restrictions on establishing communication between elements located in different domains.
In the case of AJAX, for security purposes, access is only allowed to the same source domain as the web page that makes the request. If you need to access other services located in other domains, a cross-domain proxy is installed in the source domain that receives the AJAX requests and forwards them to the external domains.
In the case of Flash, this has also been addressed by checking cross-domain XML files, which allow or deny access to that domain or subdomain.
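A cross-domain proxy that forwards to whatever URL the script supplies behaves like the open proxy described earlier, so it should only forward to the external services the page actually needs. The following destination check is an added example, not code from the article; the allowlist entry and sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the one external service the page's scripts legitimately call.
ALLOWED_TARGETS = {("https", "api.partner.example", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}

def check_target(url):
    """Return (allowed, reason) for a URL the script asks the proxy to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port                  # raises ValueError on a bad port
    except ValueError:
        return False, "unparseable URL"
    if parts.username is not None or parts.password is not None:
        # "https://allowed-host@other-host/" really points at other-host.
        return False, "userinfo in URL"
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    # Exact match on scheme, host and port; no suffix or substring matching.
    if (scheme, host, port) not in ALLOWED_TARGETS:
        return False, "destination not on the allowlist"
    return True, "ok"

def forwardable(urls):
    """Keep only the requested URLs the proxy may forward."""
    return [u for u in urls if check_target(u)[0]]

# Constructed requests as they might arrive from the page's script.
SAMPLE_REQUESTS = [
    "https://API.Partner.Example/v1/items?q=1",
    "https://api.partner.example.other.example/v1/items",
    "https://api.partner.example@other.example/",
    "http://api.partner.example/v1/items",
    "https://api.partner.example:8443/",
    "http://192.168.0.10/admin",
]
```

The comparison uses the parsed host rather than the raw string, so look-alike URLs that merely contain the allowed name are rejected.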