Types and functions from Proxy
Caching proxy server
A proxy server can service requests without contacting the specified server, by retrieving content saved from a previous request, made by the same client or even other clients. This is called caching. Caching proxies keep local copies of frequently requested resources, allowing large organizations and Internet Service Providers to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. There are well-defined rules for caching. Some poorly-implemented caching proxies have had downsides (e.g., an inability to use user authentication). Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems)
A proxy that focuses on WWW traffic is called a “web proxy”. The most common use of a web proxy is to serve as a web cache. Most proxy programs (e.g. Squid, NetCache) provide a means to deny access to certain URLs in a blacklist, thus providing content filtering. This is usually used in a corporate environment, though with the increasing use of Linux in small businesses and homes, this function is no longer confined to large corporations. Some web proxies reformat web pages for a specific purpose or audience (e.g., cell phones and PDAs).
Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the web. The organization can thereby track usage to individuals.
Anonymizing proxy server
An anonymous proxy server (sometimes called a web proxy) generally attempt to anonymize web surfing. There are different varieties of anonymizers.
Proxies can also be installed by online criminals, in order to eavesdrop upon the dataflow between the client machine and the web. All accessed pages, as well as all forms submitted, can be captured and analyzed by the proxy operator. For this reason, passwords to online services (such as webmail and banking) should be changed if an unauthorized proxy is detected.
Intercepting proxy server
An intercepting proxy (also known as a “transparent proxy”) combines a proxy server with a Gateway. Connections made by client browsers through the gateway are redirected through the proxy without client-side configuration (or often knowledge).
Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.
It is often possible to detect the use of an intercepting proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.
Transparent and non-transparent proxy server
The term “transparent proxy” is most often used incorrectly to mean “intercepting proxy” (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied).
However, RFC 2616 (Hypertext Transfer Protocol — HTTP/1.1) offers different definitions:
- “A ‘transparent proxy’ is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification”.
- “A ‘non-transparent proxy’ is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering”.
The term “forced proxy” is ambiguous. It means both “intercepting proxy” (because it filters all traffic on the only available gateway to the Internet) and its exact opposite, “non-intercepting proxy” (because the user is forced to configure a proxy in order to access the Internet).
Forced proxy operation is sometimes necessary due to issues with the interception of TCP connections and HTTP. For instance interception of HTTP requests can affect the usability of a proxy cache, and can greatly affect certain authentication mechanisms. This is primarily because the client thinks it is talking to a server, and so request headers required by a proxy are unable to be distinguished from headers that may be required by an upstream server (esp authorization headers). Also the HTTP specification prohibits caching of responses where the request contained an authorization header.
Open proxy server
Because proxies might be used for abuse, system administrators have developed a number of ways to refuse service to open proxies. IRC networks such as the Blitzed network automatically test client systems for known types of open proxy. Likewise, an email server may be configured to automatically test e-mail senders for open proxies, using software such as Michael Tokarev’s
The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be equivalent to an attacker portscanning the client host.  Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.
Split proxy server
A split proxy is a proxy implemented as two programs installed on two different computers. Since they are effectively two parts of the same program, they can communicate with each other in a more efficient way than they can communicate with a more standard resource or tool such as a website or browser. This is ideal for compressing data over a slow link, such as a wireless or mobile data service, as well as for reducing the issues regarding high latency links (such as satellite internet) where establishing a TCP connection is time consuming.
Taking the example of web browsing, the user’s browser is pointed to a local proxy which then communicates with its other half at some remote location. This remote server fetches the requisite data, repackages it, and sends it back to the user’s local proxy, which then unpacks the data and presents it to the browser in the standard fashion.
Some Web accelerators are proxy servers. Some reduce the quality of JPEG images to speed transmission. Some use a split proxy with special protocols and local and remote caching. (See Google Web Accelerator.)
Reverse proxy server
A reverse proxy is a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:
- Security: the proxy server is an additional layer of defense and therefore protects the web servers further up the chain.
- Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer.
- Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations).
- Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
- Compression: the proxy server can optimize and compress the content to speed up the load time.
- Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly “spoon feeds” it to the client. This especially benefits dynamically generated pages.
- Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewalled server internal to an organisation, providing extranet access to some functions while keeping the servers behind the firewalls.