What is a Proxy server and what is it for?

Explanation of what a proxy is. How to effectively use a proxy server, brief description of proxy types and alternative use cases.

A proxy server is an element of the network infrastructure that serves as an intermediary between a client computer (terminal, browser, application) located on the internal network and another server that is located on the external network or vice versa.

A proxy server is used for solving the above tasks:

  • security enhancement
  • privacy protection
  • resource balancing

HOW TO USE A PROXY SERVER

This server receives and transmits clients' requests (both within the internal and external network) to various network services and ensures their transmission to the target servers. Meanwhile, the client may be unaware that the communication is carried out via the proxy server. When accepting requests from a client, the proxy server can either: directly transfer them to the requested resource, or return the request from its cache, either deny the access. All this makes the proxy server a vital part of the networking technology.

Proxy server's main functions are as follows:

  1. Getting access to certain resources (including those blocked for some reason) - in many companies, Internet access for employees is provided only via a proxy server. It is used to ensure that the user is not visiting resources that are not permitted by company policy. The proxies can also be used to bypass blockages. Direct access to the resource can be blocked, while proxies cannot. Thus, if you access the blocked resource through a proxy, you can get access to it. However, depending on the proxy location, the connection speed can be affected.
  2. Anonymization of client computer IP address - if you access some resource through a proxy, you can hide your real IP address, so it will be much harder to track down you by IP.
  3. Blocking malicious traffic and certain resources on the network - we can use proxies not only for circumvention but also for blocks. 
  4. Maintaining a network connection log - a proxy allows us to track all network connections that pass through it. We can enable the logging of proxy events and send them to some LM solution for further analysis.

There are two proxy server types:

  • Forward - a direct proxy is an intermediate server that is located between the client and the destination server that the client contacts. To get content from the destination server, the client sends a request to the proxy server with the destination server as the target, and the proxy requests the content and returns it to the client. The client must be specifically configured (for example, you can specify a proxy in your browser) to use this proxy to access other sites.
  • Reverse - reverse proxy, actually, looks like a regular web server to the client. No special settings are required from the client. The client makes the usual content requests that are sent to the reverse proxy namespace. The proxy then decides where to send these requests and returns the content as if it were a destination server.

A typical example of using a reverse proxy server is to allow Internet users to access a server that is behind a firewall. Reverse proxies can also be used to load balance multiple back-end servers or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to move multiple servers in the same URL space.

PROXIES USE FOR CORPORATE INFRASTRUCTURE SECURITY

Many companies have the resources that are exposed to the public network and available to every external user. It can be just a company's website or a service that makes money (for example, an online store). The biggest threat to such resources is hacking.

The proxy server adds an additional, "buffer" security level between the protected resource and external traffic. This way, hackers can access your proxy server, but will not be able to connect to the server where the protected resource is actually running, where is storing your data. This can significantly reduce the probability of the resource being hacked.

WEB CONTROL

No company wants its employees to access unsecured or inappropriate websites through the corporate network. So when building a network architecture, administrators often decide to use the capabilities of a proxy server.

When users access the Internet through a proxy server, network administrators can easily control which devices will have access and which sites they can visit. With the help of proxy servers, it is possible to block unsuitable content, as well as any sites that are undesirable for company employees to visit during working hours.

By enabling proxy logging, network administrators can even monitor what content and when employees access it for internal purposes. Many security personnel use this to track potential illegal activities or safe policy breaches.

ENTERPRISE RESOURCE BALANCING

Nothing irritates the client more than the company's website, which slows down and falls at the most inopportune moment. If the resource is popular, the load on it can be enormous and the server can simply not cope with the flow of client requests. Proxy servers, cloud services, and peering technologies help to avoid such situations.

This is especially relevant for resources that have data and content stored on multiple servers distributed worldwide. Users from different countries may have different access speeds to the resource. In this case, the proxy server can be used to create a single web resource, which will serve as a single access point. The proxy will balance requests to each target server so that none of them are overloaded. All of this works in the background to provide uninterrupted client services resources.

Proxy servers can also be easily used to increase speed and save bandwidth on the network by compressing traffic, caching files and web pages accessed by multiple users, and even removing ads from websites. This frees up bandwidth on busy networks.