In this document we present the information needed to understand how a proxy server works, its basic functions, its history and its usefulness. We also analyse the characteristics, functionality and types of proxy servers, and conclude with a discussion of security and popular proxy server sites.
With the growth of the internet, the need for higher security and traffic monitoring has made the use of proxy servers mandatory. Proxy servers have become the way for administrators to manage their network, making it faster and applying the appropriate rules for internet browsing. They are the ideal solution for safe, efficient internet access. A proxy server can be configured to provide data filtering, firewalling, shared connections and caching, which is the reason for the faster internet access. All internet browsers can be configured to take advantage of proxy servers, and this can also be automated with existing proxy server programs. Although in theory they add network load, their advantages make proxy servers essential in most medium or large networks.
What is a proxy server and how it works
A proxy server is a computer system or application that works as an intermediary for clients seeking resources that exist on other servers. It aims to improve the speed of surfing the internet and to reduce network traffic. It receives a request from a web user, such as a request for a web page or a file available on a different server, then evaluates and responds to the request. It simplifies and controls this process. A proxy server is also part of a firewall and helps to prevent hackers from using the internet to gain access to computers on a private network.
+--------+ +-------+ +--------+
| Client | ===== | Proxy | ===== | Server |
+--------+ +-------+ +--------+
The client that uses the proxy sends a request to a website. The request goes through the proxy which filters it and sends it to the hosting server. The response from the hosting server goes the same way: it goes back to the proxy which monitors it and then passes it to the client.
Free online proxy servers that are accessible to any user also exist; these are called open proxies.
Some of them are not recommended, however, because they might run sniffer programs on their server to monitor passwords or credit card numbers.
Figure 1: Proxy server (Brainbell). Shows a small network with clients that use a proxy server and firewall to access the internet.
Most web-based proxies allow simple HTTP content transfer, for purposes such as:
• Anonymous browsing - A proxy makes it possible to browse the internet while keeping the user's anonymity (it hides the IP address).
• Access to blocked sites - An ISP or a company's network administrator blocks several sites for different reasons; by using proxy servers it is possible to browse them.
• Speed - Proxy servers use caching. They cache websites or files from a web server, which makes the client's web surfing much faster because the information is sent directly to the client.
• Malware analysis - Websites that may contain malware can be checked from the proxy server.
• Country restriction - Some websites have country restrictions. For example, they let users browse them only if they originate from the USA. This restriction is bypassed with the use of proxy servers.
Basic functions of proxy servers
A proxy server's features are usually more important on a large network such as a corporate intranet, an ISP or a company's private network. The more users on the network, the more helpful a proxy server is.
Firewalling and Filtering
Proxy servers work at the Application layer, layer 7 of the OSI model. They aren't as popular as ordinary firewalls that work at lower layers and support application-independent filtering. Proxy servers are also more difficult to install and maintain than firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured individually. However, a properly configured proxy server improves network security and performance. Proxies have capabilities that ordinary firewalls simply cannot provide.
Firewalls are usually more popular than proxy servers because they work at lower layers and support application-independent filtering. Proxy servers work at the application layer (layer 7) and are more difficult to configure and maintain, as their functionality must be configured individually for every application protocol (such as HTTP). Despite this difficulty, a well-configured proxy server provides many more capabilities than a firewall. Installing both on a gateway server is sometimes considered a good choice by network administrators.
A proxy server's filtering is more intelligent than that of a common router because it functions at the OSI application layer. By inspecting the HTTP GET and POST messages, administrators can block access to illegal domains and allow access to other sites. In contrast, firewalls do not have the ability to see web domains. Some sophisticated software programs can also perform different tests on retrieved material in order to decide whether to allow access to a website.
Connection Sharing with Proxy Servers
A proxy server is able to perform NAT functions by processing and executing commands for clients that use a private IP address. This lets a company or organization give the computers on its network access to the internet. This is also known as an IP proxy. It is a cost-effective alternative for sharing internet access among the network's computers, compared with giving each client a direct internet connection. All internal connections pass through one or more proxy servers, which in turn connect to the outside. Many software products exist, depending on the company's needs.
Proxy Servers and Caching
Caching of files and web pages by proxy servers can help a network in several ways. First of all, it conserves bandwidth on the network, improving response time and increasing scalability. A web page or a file might still be accessible from the proxy server even if its original source becomes unavailable on the internet.
However, for caching to work properly and not store outdated information, network administrators must follow two methods:
• Configure an expiration on the content (this is part of the HTTP 1.1 specification)
• Configure a default expiration on the server (e.g. Microsoft IIS server)
Two different caching methods exist: Passive and Active.
The main difference is about when the proxy server caches the content.
Passive caching occurs while the client requests the content. The proxy server downloads a copy of the requested information (if it does not have one yet) and then transfers it to the client. With this method the object is stored on the proxy server's local drives, ready to be shared with other clients on request.
Active caching differs from passive caching in that it caches content during the server's idle periods rather than at the time the client asks for data. By learning which web pages are visited most frequently, it proactively downloads them so that they are ready to be shared with clients when they are needed. It gives priority to objects with longer TTLs over shorter ones. It also checks for objects that are about to expire.
Figure 2: Proxy server (compnetworking.about.com). Shows where a caching proxy server sits in a network.
Cache Construction and Logging
During the installation of a proxy server the space for caching is allocated, and the largest partition is usually preferred. The suggested cache size is 100 MB plus 500 KB for each user. For every 500MB of cache space allocated the proxy server creates from folders to maximum 200. Objects larger than one-eighth of the folder size are usually not stored. When the server runs out of space, the expired objects are deleted first.
Expiring Cache Objects
Clients sometimes request objects from proxy servers that have expired. In this case the proxy server detects this and performs a conditional GET. When a web server receives the conditional GET, it compares the file's timestamp to the If-Modified-Since value that it has received from the client. If the object on the web server is newer, the updated object is sent to the proxy. This update procedure saves bandwidth for both the administrator and the proxy server.
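The revalidation exchange described above, as an added example that is not part of the original essay. The Origin class, the /page URL, the 60-second lifetime and the timestamps are constructed for illustration; the byte counter shows that a 304 answer costs no body transfer.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

@dataclass
class CachedObject:
    body: bytes
    last_modified: datetime  # timestamp the origin reported for the object
    expires: datetime        # after this the proxy must revalidate

class Origin:
    """Constructed stand-in for the web server; counts body bytes it sends."""
    def __init__(self, body, last_modified):
        self.body, self.last_modified, self.bytes_sent = body, last_modified, 0

    def get(self, headers):
        ims = headers.get("If-Modified-Since")
        # Object not newer than the proxy's copy: answer 304 with no body.
        if ims and self.last_modified <= parsedate_to_datetime(ims):
            return 304, {}, b""
        self.bytes_sent += len(self.body)
        stamp = format_datetime(self.last_modified, usegmt=True)
        return 200, {"Last-Modified": stamp}, self.body

class CachingProxy:
    def __init__(self, origin, ttl):
        self.origin, self.ttl, self.cache = origin, ttl, {}

    def fetch(self, url, now):
        entry = self.cache.get(url)
        if entry and now < entry.expires:
            return entry.body, "HIT"
        headers = {}
        if entry:  # expired copy: ask only whether it has changed
            headers["If-Modified-Since"] = format_datetime(
                entry.last_modified, usegmt=True)
        status, resp, body = self.origin.get(headers)
        if status == 304:
            entry.expires = now + self.ttl  # same bytes, fresh lifetime
            return entry.body, "REVALIDATED"
        modified = parsedate_to_datetime(resp["Last-Modified"])
        self.cache[url] = CachedObject(body, modified, now + self.ttl)
        return body, "REFRESHED" if entry else "MISS"

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock
    origin = Origin(b"version-1", t0)
    proxy = CachingProxy(origin, ttl=timedelta(seconds=60))
    states = [proxy.fetch("/page", t0 + timedelta(seconds=s))[1]
              for s in (10, 20, 100)]
    # The object changes on the origin after the proxy's copy was revalidated.
    origin.body, origin.last_modified = b"version-2", t0 + timedelta(seconds=150)
    states.append(proxy.fetch("/page", t0 + timedelta(seconds=200))[1])
    return states, origin.bytes_sent
```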
Caching monitor through performance monitor
Several performance monitor counters are available to assess a proxy server's caching function. An important performance monitor object is the web proxy server cache object, which includes counters that show how well caching is performing.
Arrays and Caching
To manage the load, caching tasks can be distributed across several peer proxies. Proxy servers can be joined in an array; those that join are members and participate in the caching process. The entire process is managed by the Cache Array Routing Protocol (CARP), which determines which proxy servers will maintain a specific object in their cache.
Caching in Proxy Server Logs
Administrators might need to check the source from which the proxy server served a page to a client. This is done by checking the logs, which store the object's source.
Types of proxy servers
• Anonymous Proxy - An anonymous proxy server (also known as a web proxy) tries to anonymise web surfing by hiding the original IP address of the client (end user). These proxy servers are almost impossible to track and give the user strong anonymity on the web.
• High Anonymity Proxy - A high anonymity proxy server is not identified as a proxy server and hides the original IP address. It includes only the REMOTE_ADDR header with its own IP address, making it appear to be a client and not a proxy server.
• Distorting Proxy - A distorting proxy server is identified as a proxy server but hides the original IP address through the HTTP headers. In doing so it makes an incorrect IP address available.
• Intercepting Proxy - An intercepting proxy server is a combination of a proxy server and a gateway. All connections made from the client's browser to the gateway are redirected through the proxy without any client-side configuration. This type of proxy is usually detectable by examining the HTTP headers.
• Reverse proxy - A reverse proxy is usually used for passing requests from the internet through a firewall to private networks. It is useful for preventing clients from having unmonitored access to important data on a network or intranet. It also helps the client's surfing speed by enabling caching, so that not all requests are passed to the web servers.
A proxy server connecting the Internet to an internal network.
Figure 3: Proxy server (wikipedia), Shows how a reverse proxy server works.
• Transparent Proxy - A transparent proxy server (also known as a forward proxy) is not used for providing anonymity to clients. It is mostly used to speed up network traffic with the help of its caching. The cache is also transparent to the end user.
A proxy server connecting an internal network and the Internet.
Figure 4: Proxy server (wikipedia), Shows how a transparent proxy server works.
Proxy server protocols
The most widely used protocols are of 4 types: HTTP, HTTPS, SOCKS4 and SOCKS5. An HTTP proxy operates at a higher level than SOCKS. SOCKS uses a handshake protocol to inform the proxy software about the connection the client is trying to make, which results in maximum transparency, whereas an HTTP proxy interprets and rewrites headers and is therefore not transparent. HTTP works over a TCP connection and does not have the ability to forward TCP connections because it does not have a mechanism for UDP proxying.
Transparent proxy servers that run in interception mode may be used by an attacker to relay connections.
Transparent proxy servers are able to redirect network connections without any user or browser configuration. Some connection decisions are based on the HTTP Host header value. Attackers usually take advantage of the HTTP Host header by forging it via active content. Connection decisions based on this header are considered unsafe compared with decisions based on source and destination IP addresses. To use this vulnerability, the attacker has to convince a web user to visit a web page with malicious active content, or load this content onto a trusted website. This issue is found specifically in transparent proxy servers and not in servers that run in reverse mode.
Attackers can make full connections to any website that these proxy servers can connect to. This also includes intranet sites that are not normally exposed to the internet.
The solution for this issue is to apply the necessary updates to the network's software, which administrators must do. In contrast, for network architectures that use NAT there may be no way to resolve this problem.
The interception (diversion) of a TCP connection creates several issues:
• It is not always possible to communicate the original IP address to the proxy (for example because the proxy and the gateway might be on different hosts).
• Cross-site attacks are known to be frequent. They depend on intercepting proxy servers that do not check information about the original destination. The solution for this issue is an integrated packet-level and application-level appliance that communicates this information between the packet handler and the proxy.
• HTTP caches also have problems caused by intercepting connections, because some requests or responses become uncacheable by a shared cache.
• HTTP authentication (e.g. NTLM authentication) might have problems due to interception, because the client browser mistakes the proxy for a web server.
In an integrated proxy server/firewall (where the router/firewall is on the same host as the proxy), any method can be used to communicate the original destination information, as in Wingate.
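One way an intercepting proxy can check the Host header against the original destination, covering both the forged Host header issue and the missing original-destination check described above. This is an added example, not code from the essay or from any proxy product; the function names, the injected resolver and the DNS data are constructed assumptions.

```python
import ipaddress

def parse_host(value, default_port):
    """Split a Host header into (name, port); accepts [IPv6]:port literals."""
    value = value.strip()
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else rest
    else:
        host, _, port = value.partition(":")
    if not host or (port and not port.isdigit()):
        raise ValueError("malformed Host header")
    return host.lower().rstrip("."), int(port) if port else default_port

def route_intercepted(orig_ip, orig_port, host_header, resolve):
    """Pick the upstream for an intercepted request.

    orig_ip/orig_port: where the client's TCP connection was really headed,
    as reported by the packet handler. resolve: hostname -> iterable of IP
    strings, injected so the example runs offline.
    """
    dst = ipaddress.ip_address(orig_ip)
    try:
        host, port = parse_host(host_header, orig_port)
    except ValueError:
        return {"action": "reject", "reason": "malformed Host header"}
    try:
        claimed = {ipaddress.ip_address(host)}  # Host is an IP literal
    except ValueError:
        claimed = {ipaddress.ip_address(a) for a in resolve(host)}
    if dst in claimed and port == orig_port:
        return {"action": "forward", "upstream": (str(dst), orig_port),
                "cacheable": True, "reason": "Host matches destination"}
    # Mismatch: the header is untrusted. Stay on the address the client
    # actually dialled and keep the response out of the shared cache.
    return {"action": "forward", "upstream": (str(dst), orig_port),
            "cacheable": False, "reason": "Host does not match destination"}

# Constructed DNS data (documentation and private address ranges).
DNS = {"www.example.test": ["203.0.113.10"],
       "intranet.example.test": ["10.0.0.5"]}

def resolve(name):
    return DNS.get(name, [])
```

A request whose Host header names the intranet site while the connection was headed to 203.0.113.10 is still sent to 203.0.113.10, so the header alone can never steer the proxy to an internal address.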
Cisco's WCCP (web cache control protocol) is able to perform interception. This protocol is configured from the cache. It allows the cache to choose which traffic and ports are sent to it by transparent redirection from the router. This is done at OSI layer 3 or OSI layer 2.
With NAT (network address translation), interception is performed after the traffic arrives at the proxy machine. This process is invisible to the client browser, but the proxy server remains visible to the web server and other devices on the internet.
A proxy server, and more specifically an intercepting proxy, may be detected with the following methods:
• By examining HTTP headers
• By comparing the client's external IP address to the address shown by an external web server
• By using a tool such as traceroute to compare the sequence of network hops
• By attempting a connection to an IP address that shows no existence of a proxy, resulting in an error or a closed connection.
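The first two detection methods, combined with the proxy type definitions given earlier, as an added example that is not part of the original essay. It assumes a web server you control that echoes back the address and headers it received; the echo format, function names and all addresses are constructed. Via, X-Forwarded-For and Forwarded are the headers a proxy commonly adds.

```python
import ipaddress

MARKERS = ("via", "x-forwarded-for", "forwarded")

def forwarded_ips(headers):
    """Client addresses a proxy disclosed in X-Forwarded-For / Forwarded."""
    found = [v.strip() for v in headers.get("x-forwarded-for", "").split(",")]
    for element in headers.get("forwarded", "").split(","):
        for pair in element.split(";"):
            key, _, val = pair.strip().partition("=")
            if key.lower() != "for":
                continue
            val = val.strip('"')
            if val.startswith("["):          # "[2001:db8::1]:4711"
                val = val[1:].partition("]")[0]
            elif val.count(":") == 1:        # "192.0.2.60:4711"
                val = val.partition(":")[0]
            found.append(val)
    ips = []
    for text in found:
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # empty strings, "unknown" or obfuscated tokens
    return ips

def classify(own_external_ip, echo):
    """echo: what the external server saw, {"remote_addr": str, "headers": dict}."""
    headers = {k.lower(): v for k, v in echo["headers"].items()}
    own = ipaddress.ip_address(own_external_ip)
    seen = ipaddress.ip_address(echo["remote_addr"])
    announced = any(name in headers for name in MARKERS)
    disclosed = forwarded_ips(headers)
    if not announced:
        # No proxy headers: only the address comparison can reveal a proxy.
        return "direct" if seen == own else "high anonymity proxy"
    if own in disclosed:
        return "transparent proxy"   # proxy announced, real address passed on
    if disclosed:
        return "distorting proxy"    # proxy announced, different address given
    return "anonymous proxy"         # proxy announced, no client address given
```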
Online proxy software
Screenshot of computer program showing computer locations on a world map.
Figure 5: Proxy server (wikipedia), Shows a print screen of an online proxy software.
Proxy server software exists that is intended to enable anonymity online by routing internet traffic through a worldwide network of servers in order to hide the client's IP address and location. With this type of software it is much more difficult to track a client's internet activity, such as website visits, messages or downloaded files. It was first released to give the user a higher level of privacy and personal freedom, for example by helping the user exchange business information without being monitored. Most software programs also include data encryption features.
Popular proxy server websites
All types of proxy servers can help network administrators in many ways, depending on their needs. A well-configured proxy server will only be an advantage in a company's private network, making it faster, applying the appropriate rules and giving the ability to manage and monitor the network's traffic. Proxy servers should not be considered only as a solution for making a private network faster, but should be taken seriously and used as the best method for making the network secure and monitored. It is the administrator's choice what is actually needed for the network; using both a proxy server and a firewall is of course the ideal solution for a medium or large private network.
Allen Jones (2000) Proxy server caching [Online] Available: http://www.windowsitpro.com/article/microsoft-management-console-mmc/proxy-server-caching-8502 (4 April 2000)
Brainbell (2012). Proxy servers [Online] Available: http://www.brainbell.com/tutorials/Networking/Proxy_Servers.html
Go4expert (2011). [Online] Available: http://www.go4expert.com/forums/showthread.php?t=24833 (2 February, 2011).
Compnetworking (n.d.). Proxy servers and you. [Online] Available: http://compnetworking.about.com/od/networksecurityprivacy/l/aa061000b.htm
Mike S. (2009) Types of Proxy Servers, Transparent and Anonymous proxies [Online] Available: http://info.webtoolhub.com/kb-a14-types-of-proxy-servers-transparent-and-anonymous-proxies.aspx (7 August 2009)
Wikipedia (n.d.) Proxy server [Online] Available: http://en.wikipedia.org