Proxy Servers

Chapter 5

Proxy Servers
Contents

• Introduction of Proxy Servers
• Functions of Proxy Servers
• Protocols of Proxy Servers
• Host Identifiers and Ports
• Configuration of browser to use Proxy Server

Objectives

After completing this module, you will know:

• What is a Proxy Server?
• What are the functions of Proxy Servers?
• Protocols of Proxy Servers
• Host Identifiers and Ports
• How to configure a browser to use a Proxy Server

53 Prepared by RGM TTC, Chennai


5.1 Introduction of Proxy Servers


A proxy is a device that mediates connections to the Internet. It sits between the
workstations on a network and the Internet, allowing for a secure connection in which
only certain ports or protocols remain open. When a client requests a page, the request is
sent to the proxy server, which relays it to the site. When the response is received from
the site, it is forwarded back to the user. Proxy servers can be used to log Internet use
and block access to prohibited sites.

Some home networks, corporate intranets, and Internet Service Providers (ISPs) use
proxy servers (also known as proxies). Proxy servers act as a "middleman" or broker
between the two ends of a client/server network connection. Proxy servers work with
Web browsers and servers, or other applications, by supporting underlying network
protocols like HTTP.

5.2 Key Features of Proxy Servers


Proxy servers provide three main functions:

1. Firewalling and filtering
2. Connection sharing
3. Caching

The features of proxy servers are especially important on larger networks like corporate
intranets and ISP networks. The more users on a LAN and the more critical the need for
data privacy, the greater the need for proxy server functionality.

5.2.1 Proxy Servers, Firewalling and Filtering

Proxy servers work at the Application layer, layer 7 of the OSI model. They aren't as
popular as ordinary firewalls that work at lower layers and support application-
independent filtering. Proxy servers are also more difficult to install and maintain than
firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or
SOCKS must be configured individually. However, a properly configured proxy server
improves network security and performance. Proxies have capabilities that ordinary
firewalls simply cannot provide.

Some network administrators deploy both firewalls and proxy servers to work in tandem.
To do this, they install both firewall and proxy server software on a server gateway.

Because they function at the OSI Application layer, the filtering capability of proxy
servers is relatively intelligent compared to that of ordinary routers. For example, proxy
Web servers can check the URL of outgoing requests for Web pages by inspecting HTTP
GET and POST messages. Using this feature, network administrators can bar access to
illegal domains but allow access to other sites. Ordinary firewalls, in contrast, cannot see
Web domain names inside those messages. Likewise for incoming data traffic, ordinary
routers can filter by port number or network address, but proxy servers can also filter
based on application content inside the messages.
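
The domain check described above can be sketched as follows. This is an added example, not code from the original module: the blocked domains, the sample requests and the function names are constructed for illustration. It goes slightly beyond GET and POST by also handling CONNECT requests, where only the host and port are visible to the proxy.

```python
from urllib.parse import urlsplit

# Constructed policy and sample requests, for illustration only.
BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}
SAMPLE_REQUESTS = [
    b"GET http://www.blocked.example/page HTTP/1.1\r\nHost: www.blocked.example\r\n\r\n",
    b"POST http://intranet.example.org/form HTTP/1.1\r\nHost: intranet.example.org\r\n\r\nq=1",
    b"CONNECT ADS.example.net:443 HTTP/1.1\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: notblocked.example:8080\r\n\r\n",
]

def target_host(raw_request):
    """Return the destination host named in a request sent to the proxy."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = None
    if method.upper() == "CONNECT":
        # Tunnel request: only host:port is visible to the proxy, not the URL.
        host = urlsplit("//" + target).hostname
    elif "://" in target:
        # Proxy form: the request line carries the absolute URL.
        host = urlsplit(target).hostname
    else:
        # Origin form: the destination is named in the Host header.
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = urlsplit("//" + value.strip()).hostname
                break
    if not host:
        raise ValueError("no destination host in request")
    return host.rstrip(".").lower()

def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one."""
    labels = host.split(".")
    # Compare whole labels so "notblocked.example" does not match "blocked.example".
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def decide(raw_request):
    """Return (host, verdict) so the proxy can both log and enforce it."""
    host = target_host(raw_request)
    return host, "DENY" if is_blocked(host) else "ALLOW"

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(*decide(request))
```

Matching on whole domain labels rather than substrings keeps the filter from blocking unrelated names that merely contain a blocked name.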

5.2.2 Connection Sharing with Proxy Servers


Various software products for connection sharing on small home networks have appeared
in recent years. In medium- and large-sized networks, however, actual proxy servers offer
a more scalable and cost-effective alternative for shared Internet access. Rather than give
each client computer a direct Internet connection, all internal connections can be funneled
through one or more proxies that in turn connect to the outside.

5.2.3 Proxy Servers and Caching


The caching of Web pages by proxy servers can improve a network's "quality of service"
in three ways. First, caching may conserve bandwidth on the network, increasing
scalability. Next, caching can improve response time experienced by clients. With an
HTTP proxy cache, for example, Web pages can load more quickly into the browser.
Finally, proxy server caches increase availability. Web pages or other files in the cache
remain accessible even if the original source or an intermediate network link goes offline.

Figure 6.1

5.2.3.1 Proxy caching

Imagine two people at an office -- let's call them Ram and Latha -- surfing the Net for
business research. Suppose Ram, who has an interest in computer networking books, visits
www.oreillynet.com in an attempt to learn more about them.

Now it's Latha's turn. Latha is very interested in computer programming. She navigates to
www.oreillynet.com and, because this page was cached during Ram's very recent visit,
she is surprised at how quickly this content-rich page pops into her browser window.
With a great first impression, Latha is now ready to immerse herself in the wonderful
world of computer programming.

The potential benefits of proxy server caching loom even larger if Ram and Latha have a
few hundred coworkers that share the same proxied Internet access and similar interests
or Net surfing patterns. Yet proxy caching is not a silver bullet. Limitations exist that can
render this technology much less useful.

5.2.3.2 Drawbacks of Proxy Caching

It's reasonable to expect that proxy servers handling hundreds or thousands of Web clients
can become a network bottleneck. In addition to using servers with powerful processors and
large amounts of memory, administrators may also choose to deploy multiple proxies to
help avoid potential bottlenecks.

A proxy hierarchy creates multiple layers of caching support. Clients connect directly to a
first-level caching server, and if a Web page is unavailable there locally, the request
"misses" and automatically gets passed to a second-level caching server, and so on.

As with many caching systems, the effectiveness of a multi-proxy server hierarchy is very
dependent on the pattern of traffic. In the worst case, all clients will be visiting Web
pages completely unrelated to each other, and proxies (the hardware and the additional
network traffic they generate) become pure overhead. One would expect that normal
traffic patterns will usually not be worst-case, but every network's use pattern will be
different.
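
The effect of the traffic pattern on a two-level hierarchy can be seen in a small simulation. This is an added example, not part of the original module: the cache sizes, the LRU eviction policy and the request lists are assumptions constructed for illustration.

```python
from collections import OrderedDict

class CacheLevel:
    """One caching proxy with LRU eviction; misses go to the parent level."""
    def __init__(self, capacity, parent=None):
        self.capacity, self.parent = capacity, parent
        self.store = OrderedDict()
        self.hits = self.misses = 0

    def fetch(self, url, origin):
        if url in self.store:
            self.hits += 1
            self.store.move_to_end(url)  # mark as most recently used
            return self.store[url]
        self.misses += 1
        # Miss: ask the next level up, or the origin server at the top.
        body = self.parent.fetch(url, origin) if self.parent else origin(url)
        self.store[url] = body
        if len(self.store) > self.capacity:
            self.store.popitem(last=False)  # evict least recently used
        return body

def replay(requests, l1_size=2, l2_size=8):
    """Replay (client, url) requests through a two-level hierarchy.

    Returns (first-level hits, second-level hits, origin fetches).
    """
    fetched = []
    def origin(url):
        fetched.append(url)
        return "body of " + url
    l2 = CacheLevel(l2_size)
    l1 = CacheLevel(l1_size, parent=l2)
    for _client, url in requests:
        l1.fetch(url, origin)
    return l1.hits, l2.hits, len(fetched)

# Constructed traffic, 12 requests each from clients A-D.
# SHARED: everyone reads the same three pages. UNRELATED: no page is repeated.
SHARED = [(c, "/page%d" % (i % 3)) for i, c in enumerate("ABCD" * 3)]
UNRELATED = [(c, "/%s/page%d" % (c, i)) for i, c in enumerate("ABCD" * 3)]

if __name__ == "__main__":
    print("shared   :", replay(SHARED))
    print("unrelated:", replay(UNRELATED))
```

With the shared traffic the small first-level cache keeps evicting pages, but the second level absorbs those misses and only three requests reach the origin; with unrelated traffic every request travels through both proxies to the origin.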

Proxy caching differs from browser caching. Browsers automatically cache pages on the
client computer, whereas proxies can also cache pages on a remote Web server. Because
browsers already perform their own caching, introducing proxy caching into a network
will have only a second-order effect.

Proxy caches don't help much with refreshed pages. On some sites, Web pages are set
with HTML META tags to expire quickly; expired pages force the proxy cache to reload
that page. Similarly, caching is rendered ineffective by pages that change content
frequently, such as those on news sites, or weblogs.

Proxy caches also introduce measurement uncertainty into the Internet. Normally, a Web
server log will record identifying information of visiting clients such as their IP addresses
and domain names. For clients behind proxy servers, all public requests are made by the
proxy server, using its IP address and identity. Web sites that carefully track the patterns
of use of their visitors have much more difficulty in distinguishing unique client visits
through proxies.

5.3 Proxy Servers and Protocols


Proxy servers work with specific networking protocols. Obviously HTTP will be the most
critical one to configure for Web page access, but browsers also utilize these other
protocols:

• S-HTTP (also called "Secure" or "Security" in the browser)
• FTP
• SOCKS

S-HTTP (Secure Hypertext Transfer Protocol) supports encrypted HTTP communications. This
protocol is becoming more and more common as e-commerce sites, for example, adopt it to
make credit card transactions safer. S-HTTP should not be confused with SSL. Although
S-HTTP uses SSL "under the covers," SSL is a lower-level protocol that by itself does not
impact a browser's proxy setup.

FTP (File Transfer Protocol) supports the download of files over the Web. Before HTTP
was developed, FTP was an even more popular way to share files across the Internet. FTP
treats files as either simple text or binary format, and it is still commonly used to
download compressed archives of non-HTML data (like MP3 files, for example).

SOCKS is a firewall security protocol implemented in some proxy configurations.

When manually configuring a browser, clients will need to know these details of the
proxy server arrangement. Most of the time, network administrators will configure the
proxies to serve all protocols to avoid any confusion.

5.4 Host Identifiers and Ports


To manually specify a proxy server in the browser, two pieces of information are
required. First, the host identifier is either the host's network name (as configured in
DNS, NIS, or similar naming service) or the host's IP address. Second, the port number is
the TCP/IP port on which the server listens for requests.

A single port number is generally used for all of the supported protocols above. This port
should not be confused with the standard ports used by the protocols themselves (port 80
for HTTP, port 21 for FTP, and so on). This is a proxy port only, and it should never be
assigned to one of the reserved numbers.

Unfortunately, a single standard port number does not exist. Some numbers like 8000 and
8080 are used more commonly than others, but the number can be any unassigned value
up to 65535. Users manually configuring their browsers will need to be told this port
number by their network administrator.

5.5 Proxy Servers and Browsers


To take advantage of a proxy server's capabilities, Web browsers like Internet Explorer
(IE) must be configured to explicitly use it. In many proxied environments, the client
computers do not have direct Internet access, and browsers generally are not configured
to use proxies "out of the box." Clients will be unable to access public Web sites in this
scenario until proxy settings have been correctly made.

Figure 6.2: IE5 Tools menu

For example, to configure IE to use a proxy server, first click on Tools to access the drop-
down menu. Click on the Internet Options... menu item to raise the Internet Options
dialog. This dialog is a property sheet featuring multiple tabs. Clicking on the
Connections tab makes available a dialog that includes a button in the bottom-right
corner named LAN Settings... . Finally, click this button to raise the Local Area Network
(LAN) Settings dialog; here is where proxy information must be entered.

Figure 6.3: IE5 Internet Options, Connections tab

IE6 supports both manual and automatic configuration options. As shown in the figure, the
"Use a proxy server" check box must be checked to enable the manual entering of a
proxy. Either the network host name or the IP address of the proxy server must be typed
in the "Address" field. In addition, any internal domains (such as intranet sites) that do
not need to go through a proxy can be entered here in order to bypass the server.

Figure 6.4: IE5 Internet Options, Connections tab
