Proxy servers can be a useful control and security device, and there are many different proxy types. In this video, you’ll learn about forward proxies, reverse proxies, and open proxies.
<< Previous: Dynamic DNSNext: Understanding Network Address Translation >>
A proxy server is a device that sits in the middle of the communication and makes the request for us, thus the name proxy when we talk about a proxy server. Our client workstation would communicate to a proxy– maybe request a website– the proxy then goes to the website, receives the response from that website and then sends that information back to the client device. We are never talking directly to that end website. The proxy is sitting in the middle, and it’s performing all of those communications.
We commonly see proxy servers used for something like control or security. Maybe you need to log in to gain access to the internet. You’re really logging into a proxy to provide that access control. Proxies are also good for caching. So the proxy can grab information from the internet, and the second person who needs that information can grab it from that local cache.
You also see this when you’re doing URL filtering or content scanning, because the proxy can make the request, receive the response, and then examine that information before sending it to the client. So if the client unknowingly is downloading a file with malware, it could be scanned at the proxy. And the proxy can throw that out before it ever reaches the end station.
In the example I just gave, we commonly see a forward proxy being used to perform that function. This is usually where we’d have an internal network. And the internal network has, in this case, a user and a proxy that’s on the inside of our network and something that is controlled by our network team or our security team. The end user makes the request to the internet. It hits the proxy. The proxy then makes the request directly out to the internet and gets the response. And then once the proxy is sure that everything is OK, it sends that information down to the user.
Now let’s take that scenario and reverse it. Instead now you are on the internet, and you need to access a web server that’s located on the inside of an organization. So here we are out on the internet, and we’re going to communicate with a reverse proxy. This reverse proxy takes all of the communications from the internet, examines it, makes sure there’s nothing that would be attacking the web server, sends the request down to the web server.
The web server responds, but of course it’s not responding back to you. It’s responding back to the proxy. And then the proxy of course is communicating back to you on the internet. So it’s the same as the original proxy we were looking at– our forward proxy– except now we’ve turned it around and made it a reverse proxy.
Another type of proxy you might run into is an open proxy. We commonly see open proxies used if you’re trying to remain anonymous or you’re trying to circumvent some existing security controls. This is because you’re making all of your communication to that open proxy. And the open proxy is then making all of the requests for you wherever they happen to go. They can go to example.com. It could be making a request to Google. It could be making requests to Yahoo or any other site you’d like to go to.
From your perspective, you’re communicating to a single device. And that’s how you’re able to circumvent a number of different security controls that are looking for an end station that you might be communicating with. And by using this proxy, you’re able to communicate and remain anonymous, because the end stations can’t see your IP address because it’s the proxy that’s actually making that request.
You do have to be very careful when using an open proxy of course, because whoever’s controlling the open proxy can control exactly what is sent down to you. This makes it very easy for pop ups, malicious software, and vulnerabilities to be sent down to your device. So whenever you’re taking advantage of an open proxy, it’s always useful to know exactly who owns the proxy and how it’s being administered.