Вы находитесь на странице: 1из 5

In a transparent proxy configuration, the proxy is typically deployed at the Internet gateway

and the proxy service is configured to intercept traffic for a specified port. The client (e.g.
browser, desktop application etc.) is unaware that traffic is being processed by a proxy. For
example, a transparent HTTP proxy is configured to intercept all traffic on port 80/443. The
typical benefits of a transparent proxy include a standard enterprise configuration where all
clients routed to the internet will always be filtered and protected no matter what the end
users do, or change, on their machines and the added benefit of reduction in typical users
client-proxy configuration troubleshooting.

In an explicit proxy configuration, the client (e.g. browser, desktop application etc.) is
explicitly configured to use a proxy server, meaning the client knows that all requests will go
through a proxy. The client is given the hostname/IP address and port number of the proxy
service. When a user makes a request, the client connects to the proxy service and sends the
request. The disadvantage to explicit proxy is that each client must be properly configured to
use the proxy.

Reverse Proxies

Firewalls are frequently thought of as devices that restrict access, not enable it.
However, proxy techniques can be used for both. If you have a need to support remote
Internet users, reverse proxies can be the answer.

Reverse proxies are used to provide controlled access for external (normally Internet-
based) users to internal servers. They act as a trusted intermediary that external users
must use to gain access to internal servers that would not normally be Internet
accessible. An external user attempting to gain access to an internal server first
connects and authenticates to the reverse proxy. Normally this is done over a Secure
Sockets Layer (SSL) connection to provide confidentiality and integrity for the
session. If authentication is successful, the proxy will check its policy to see whether
the user is allowed to access the requested server. If so, it will begin proxying the
connection for the user.

The type of internal servers that can be accessed using a reverse proxy vary depending
on the sophistication of the proxy. Simple reverse proxies can only support web-based
services. These products are basically normal web proxies that have been enhanced to
support user authentication. In many cases, they are sufficient because many sites
provide a significant amount of their network content using web systems. If you are
trying to grant access to other applications that do not have a web interface, you may
need to work harder.

One approach is placing a web interface on top of the application you are trying to
proxy. Once the application is web enabled, normal reverse proxy techniques can be
used to grant remote access. An example of this is Microsoft's Outlook Web Access
(OWA). OWA is part of Microsoft Exchange and provides a web version of the
Outlook mail and calendaring application. Any clients who can make a web
connection to the OWA application will be able to use most Outlook functions. In
fact, it can be difficult to recognize that you're accessing Outlook through a browser
because the interface you are interacting with inside the browser so closely resembles
the desktop version of Outlook. OWA combined with a reverse proxy provides a
secure mail and calendaring solution for remote users.

Alternatively, you can roll the web-enabling technology together with a reverse
proxy. This is the approach taken by Citrix MetaFrame. Citrix allows common
desktop and server applications to be accessed by web browsers, including
applications such as Microsoft Word and Adobe Acrobat. In fact, Citrix can proxy an
entire user desktop through a browser, giving a user experience that is highly similar
to sitting in front of the actual computer. Citrix also provides extensive management
controls, including role-based access to internal applications. Although a capable
product, it is not necessarily cheap and simple to implement. If you're considering
technologies such as Citrix, make sure to include acquisition and operational costs in
your analysis. In some cases, though, Citrix-like products can actually save you
money by allowing shared access to products too expensive to place on every user's

Anonymizing Proxies

Privacy can be an important security service but can be a hard commodity to come by
on the Internet. Almost all actions taken on a computer leave a digital trail. If you
don't want someone else following that digital trail back to you, an anonymizing
proxy may be the answer.
Anonymizing proxies work exactly like normal proxies, but are used for the purpose
of protecting your identity while you use services across the Internet. Your requests
are forwarded to the anonymizing proxy (usually over an SSL connection), which
hides your identifying details (such as IP address) by making the request on your
behalf. The destination server you are using only learns about the proxy's information
and does not learn who actually made the request. This assumes that you do not pass
anything identifying in the actual request.

Also assumed is that no one is monitoring the anonymizing proxy. If they were, they
might be able to match incoming requests to outgoing requests, breaching an
important aspect of the connection's privacy. This is especially easy to do if the proxy
is not busy. If yours is the only IP address connected to the proxy, it's not terribly hard
to guess who it is making requests through the proxy!

Various approaches have been used to solve this problem. One of the most popular is
proxy chaining. Tools such as SocksChain () can be used to build connections through
multiple anonymizing proxies. An observer at the first proxy in the chain will only see
that you are sending a request to the anonymizer, but will not learn the destination
because the next hop will only be another anonymizer. In this way, the ultimate
destination of your request is hidden from any outside observers (see). Another
approach along the same lines is Onion routing (, which combines proxy chaining
with multiple layers of encryption to ensure that a conversation cannot be followed
through the proxy nodes.

Anonymous Proxy - An anonymous proxy server also known as web proxy, generally
attempts to anonymize web surfing by hiding the original IP address of the end user.
This type of proxy server are typically difficult to track, and provides reasonable
anonymity for most users.

Distorting Proxy - This type of proxy server identifies itself as a proxy server, but
make an incorrect original IP address available through the http headers.

High Anonymity Proxy - This type of proxy server does not identify itself as a proxy
server and does not make available the original IP address. High anonymity proxies,
only include the REMOTE_ADDR header with the IP address of the proxy server,
making it appear that the proxy server is the client.
Intercepting Proxy - An intercepting proxy, also known as a transparent proxy,
combines a proxy server with a gateway. Connections made by client browsers
through the gateway are redirected through the proxy without client-side
configuration. These types of proxies are commonly detectable by examining the
HTTP headers on the server side.

Reverse proxy - A reverse proxy is another common form of a proxy server and is
generally used to pass requests from the Internet, through a firewall to isolated,
private networks. It is used to prevent Internet clients from having direct, unmonitored
access to sensitive data residing on content servers on an isolated network, or intranet.
If caching is enabled, a reverse proxy can also lessen network traffic by serving
cached information rather than passing all requests to actual content servers.

Transparent Proxy - A transparent proxy is a server that satisfies the definition of a

proxy, but does not enforce any local policies. It means that it does not add, delete or
modify attributes or modify information within messages it forwards. These are
generally used for their ability to cache websites and do not effectively provide any
anonymity to those who use them. However, the use of a transparent proxy will get
you around simple IP bans. Further, your web browser does not require special
configuration and the cache is transparent to the end-user. This is also known as
transparent forward proxy.

Performance of forward proxy server

Proxy server acts as an intermediary server between the client computer and the
server. Whenever a client computer sends a request for a particular document to a
main server, the same is first received by a proxy server. It filters the request using
appropriate protocols such as HTTP, FTP then forwards the filtered request to the
website. Then the website sends its response to the proxy server first which again
filters it and also checks whether the document is virus free. After that verified
document is forwarded to the client by proxy server. This entire process is done by
proxy server in just fraction of a second and thats why it seems tht the user is directly
accessing the web server without any help of intermediaries. Thus the proxy server
offers a quick, secured and efficient way of centralizing access to the internet. Thats
why many organizations get their computer network connected to the internet through
the proxy server to make them secured from virus attack and to improve

The main functions are

Content Faltering The proxy servers are required to filter the client request and his
quested documents as well on the basis of internet protocol. Also it is llowed to deny
access to blacklisted URLs to provide better security and control.

Acts as a Firewall The proxy server can be used to control and check the inflow and
outflow of the organizations data with the help of firewall software to provide better
security to the computer network of the organization.