Proxy Servers Basics - I

by Sharan R

Some home networks, corporate intranets, and Internet Service Providers (ISPs) use proxy servers (also known as proxies). Proxy servers act as a "middleman" or broker between the two ends of a client/server network connection. Proxy servers work with Web browsers and servers, or other applications, by supporting underlying network protocols like HTTP.

Key Features of Proxy Servers

Proxy servers provide three main functions:
  1. firewalling and filtering
  2. connection sharing
  3. caching
The features of proxy servers are especially important on larger networks like corporate intranets and ISP networks. The more users on a LAN and the more critical the need for data privacy, the greater the need for proxy server functionality.

Proxy Servers, Firewalling and Filtering

Proxy servers work at the Application layer, layer 7 of the OSI model. They aren't as popular as ordinary firewalls that work at lower layers and support application-independent filtering.
Proxy servers are also more difficult to install and maintain than firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured individually.
However, a properly configured proxy server improves network security and performance. Proxies have capability that ordinary firewalls simply cannot provide.
Some network administrators deploy both firewalls and proxy servers to work in tandem. To do this, they install both firewall and proxy server software on a server gateway.

Because they function at the OSI Application layer, the filtering capability of proxy servers is relatively intelligent compared to that of ordinary routers. For example, proxy Web servers can check the URL of outgoing requests for Web pages by inspecting HTTP GET and POST messages.

Using this feature, network administrators can bar access to illegal domains but allow access to other sites. Ordinary firewalls, in contrast, cannot see Web domain names inside those messages. Likewise for incoming data traffic, ordinary routers can filter by port number or network address, but proxy servers can also filter based on application content inside the messages.

Connection Sharing with Proxy Servers

Various software products for connection sharing on small home networks have appeared in recent years. In medium- and large-sized networks, however, actual proxy servers offer a more scalable and cost-effective alternative for shared Internet access. Rather than give each client computer a direct Internet connection, all internal connections can be funneled through one or more proxies that in turn connect to the outside.

Proxy Servers and Caching

The caching of Web pages by proxy servers can improve a network's "quality of service" in three ways. First, caching may conserve bandwidth on the network, increasing scalability. Next, caching can improve response time experienced by clients. With an HTTP proxy cache, for example, Web pages can load more quickly into the browser. Finally, proxy server caches increase availability. Web pages or other files in the cache remain accessible even if the original source or an intermediate network link goes offline.

Illustration of Web caching using a proxy server.

Figure 1: Web caching with a proxy server
 

Drawbacks of Proxy Caching

It's reasonable to expect that proxy servers handling hundreds or thousands of Web clients can become a network bottleneck. In addition to using servers with power processors and large amounts of memory, administrators may also choose to deploy multiple proxies to help avoid potential bottlenecks. 

A proxy hierarchy creates multiple layers of caching support. Clients connect directly to a first-level caching, and if a Web page is unavailable there locally, the request "misses" and automatically gets passed to a second-level caching server, and so on. 

As with many caching systems, the effectiveness of a multi-proxy server hierarchy is very dependent on the pattern of traffic. In the worst case, all clients will be visiting Web pages completely unrelated to each other, and proxies (the hardware, and the additional network traffic they generate) become pure overhead. One would expect that normal traffic patterns will usually not be worst-case, but every network's use pattern will be different. 

Proxy caching differs from browser caching. Browsers automatically cache pages on the client computer, whereas proxies can also cache pages on a remote Web server. Because browsers already perform their own caching, introducing proxy caching into a network will have only a second-order effect. 

Proxy caches don't help much with refreshed pages. On some sites, Web pages are set with HTML META tags to expire quickly; expired pages force the proxy cache to reload that page. Similarly, caching is rendered ineffective by pages that change content frequently, such as those on news sites, or weblogs. 

Proxy caches also introduce measurement uncertainty into the Internet. Normally, a Web server log will record identifying information of visiting clients such as their IP addresses and domain names. For clients with proxy servers, all public requests are made on behalf of the server, using its IP address and identity. Web sites that carefully track the patterns of use of their visitors have much more difficulty in distinguishing unique client visits through proxies.

Proxy Servers and Browsers

Proxy servers work with specific networking protocols. Obviously HTTP will be the most critical one to configure for Web page access, but browsers also utilize these other protocols:
  • S-HTTP (also called "Secure" or "Security" in the browser)
  • FTP
  • SOCKS
  • Gopher
  • WAIS
S-HTTP (Secure Hypertext Transfer Protocol) supports encrypted HTTP communications. This protocol is becoming more and more common as ecommerce sites, for example, adopt it to make credit card transactions safer. S-HTTP should not be confused with SSL. Although S-HTTP uses SSL "under the covers," SSL is a lower-level protocol that by itself does not impact a browser's proxy setup. 

FTP (File Transfer Protocol) supports the download of files over the Web. Before HTTP was developed, FTP was an even more popular way to share files across the Internet. FTP treats files as either simple text or binary format, and it is still commonly used to download compressed archives of non-HTML data (like MP3 files, for example). 

SOCKS is a firewall security protocol implemented in some proxy configurations. 

Gopher and WAIS (Wide-Area Indexing Service) were two attempts before HTTP to build a standard protocol for indexing and navigating information on the Internet. Both Gopher and WAIS are effectively obsolete today.


Technically, different proxy servers may be used to support these multiple protocols. For example, the hypothetical host 

 http_proxy.about.com
 
may serve HTTP and S-HTTP requests, and another hypothetical host 
 
 other_proxy.about.com
 
may serve FTP, GOPHER, WAIS, and any others except HTTP/S-HTTP. When manually configuring a browser, clients will need to know these details of the proxy server arrangement. Most of the time, network administrators will configure the proxies to serve all protocols to avoid any confusion. 

Host Identifiers and Ports

To manually specify a proxy server in the browser, two pieces of information are required. First, the host identifier is either the host's network name (as configured in DNS, NIS, or similar naming service) or the host's IP address. Second, the port number is the TCP/IP port on which the server listens for requests. 

A single port number is generally used for all of the supported protocols above. This port should not be confused with the standard ports used by the protocols themselves (port 80 for HTTP, port 21 for FTP, and so on). This is a proxy port only, and it should never be assigned to one of the reserved numbers. 

Unfortunately, a single standard port number does not exist. Some numbers like 8000 and 8080 are used more commonly than others, but the number can be any unassigned value up to 65535. Users manually configuring their browsers will need to be told this port number by their network administrator. 

Automatic Proxy Configuration

To make the deployment of proxy servers easier, some new technologies were developed to work with browsers in a more automated fashion. Administrators can use a special configuration file, for example, to hide details like port numbering from client users. This file contains JavaScript code and is installed on the proxy server itself or on some other Web server. Clients wishing to use this automatic configuration scheme simply enter into their browser settings the URL of this file. To the client, URLs will look like the following: 

 http://hypothetical_proxy.about.com/proxy.pac
 
For Internet Explorer 5, a new technology called Web Proxy Auto Discovery (WPAD) was introduced in an attempt to generalize the discovery of proxy servers as well as other network services. WPAD uses a lookup service like DNS to automatically construct an auto-configuration URL. Instead of a ".pac" file, WPAD expects a ".dat" file to be installed on a Web server as in the following example: 

 http://wpad.about.com/wpad.dat
 
Instead of users explicitly specifying this URL, the browser automatically constructs it using the network domain name (about.com), a default host name on that network (wpad) and a default configuration filename (wpad.dat). Administrators need only configure their name resolution services to redirect to the proper location.
 
4 Response to 'Proxy Servers Basics - I'
  1. Send Flower Pakistan
    https://sharannetwork.blogspot.com/2011/01/proxy-servers-basics-i.html?showComment=1407149670526#c6264367469809044781'> August 4, 2014 at 4:24 PM

    Whenever I need some problem relating this issue I come to your site and get very informative stuff thanks a lot for your article . Keep it up.
    access Mp3Raid in UK

     

  2. Send Flower Pakistan
    https://sharannetwork.blogspot.com/2011/01/proxy-servers-basics-i.html?showComment=1420004533818#c1210815774548609018'> December 31, 2014 at 11:12 AM

    The information on this blog is very useful and very interesting. If someone needs to know about the just click
    1337x UK proxy

     

  3. careerupdates
    https://sharannetwork.blogspot.com/2011/01/proxy-servers-basics-i.html?showComment=1448064710552#c8193306126440688123'> November 21, 2015 at 5:41 AM

    great hardwork thank you for sharing http://www.jobslatest14.in/

     

  4. gibsonherry
    https://sharannetwork.blogspot.com/2011/01/proxy-servers-basics-i.html?showComment=1511867269712#c4609635080654816745'> November 28, 2017 at 4:37 PM

    Grammar, vocabulary, tenses, indirect speech, passive sentences must always be keep in mind while writing a blog. Everyone must read this blog. This is going to help everyone.จำหน่าย server

     

Post a Comment