Forward proxy and reverse proxy, illustrated

To borrow the style of Gu Long's martial arts novels: proxy service technology is a very old technology, used since the early days of the Internet. The usual way to implement it is to install proxy service software on a server, which turns that server into a proxy server. Commonly used proxy technologies are divided into forward proxy, reverse proxy and transparent proxy. This article explains the basic principles and the scope of application of these three kinds of proxy, so that everyone can gain a deeper understanding of proxy service technology.

1. Forward Proxy

In general, unless otherwise specified, "proxy" means forward proxy by default. The concept of a forward proxy is as follows:
A forward proxy is a server [proxy server Z] located between the client [user A] and the origin server [server B]. To obtain content from the origin server, user A sends a request to proxy server Z and specifies the target (server B); proxy server Z then forwards the request to server B and returns the obtained content to the client. The client must be specially configured to use a forward proxy, as shown in Figure 1.1 below.
(Figure 1.1)
From this concept we can see that "forward" means the proxy server accesses the target server [server B] in place of the visitor [user A].
That is what forward proxying means. So why use a proxy server to access server B in place of the visitor [user A]? The answer starts with what a proxy server is used for.
The main functions of a forward proxy server are as follows:

1. Access a server B that is otherwise inaccessible, as shown in Figure 1.2 below

(Figure 1.2)

To keep Figure 1.2 simple, we leave out complicated network routing scenarios and assume that the routers in the figure are named R1 and R2 from left to right.

Suppose that user A normally has to pass through routing nodes such as routers R1 and R2 to reach server B. If router R1 or router R2 fails, server B cannot be accessed. However, if user A asks proxy server Z to access server B on his behalf, then, because proxy server Z does not sit behind R1 or R2 but reaches server B through other routing nodes, user A can still get the data from server B.

A real-life example is "climbing over the wall". However, since VPN technology has become widely used, "climbing over the wall" uses not only traditional forward proxy technology but also VPN technology.

2. Speed up access to server B

This use is not as popular as it once was, mainly because available bandwidth has grown so quickly. In the early days, many people used a forward proxy to speed up access. Refer again to Figure 1.2.
Suppose the path from user A to server B passes through routers R1 and R2, and the link from R1 to R2 is a low-bandwidth link, while the links from user A to proxy server Z and from proxy server Z to server B are both high-bandwidth links. Then access to server B is obviously faster through the proxy.

3. Cache role

Cache technology and proxy service technology are closely related (not only forward proxies; reverse proxies also use cache technology). Suppose someone has accessed data J on server B through proxy server Z; proxy server Z then keeps data J for a period of time. If someone else requests data J, proxy server Z no longer accesses server B but sends the cached data J directly to user A. In cache terminology this is called a cache hit. If more users like user A access proxy server Z, they can all get data J directly from proxy server Z instead of travelling thousands of miles to server B to download it.

4. Client access authorization

This function is still widely used today. For example, some companies use ISA Server as a forward proxy server to decide whether each user is authorized to access the Internet. See Figure 1.3 below.

(Figure 1.3)

In Figure 1.3, the firewall acts as a gateway that filters access from the external network. Assume that both user A and user B have configured the proxy server, and that user A is allowed to access the Internet but user B is not (this restriction is enforced on proxy server Z). User A can then access server B through the proxy server because he is authorized. User B is not authorized by proxy server Z, so when he tries to access server B his data packets are simply discarded.

5. Hide the visitor's whereabouts

As shown in Figure 1.4 below, server B does not know that it is actually user A who is accessing it, because proxy server Z interacts directly with server B in place of user A. If proxy server Z is fully (or partly) controlled by user A, it is referred to by the slang term "broiler".

(Figure 1.4)

 

To summarize: a forward proxy is a server that sits between a client and an origin server. To get content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy forwards the request to the origin server and returns the obtained content to the client. The client must be configured to use the forward proxy server, which of course requires knowing the IP address of the forward proxy server and the port of the proxy program.
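The following sketch is an added example, not code from the original article. It shows the decisions proxy server Z makes for one request: the client names the target in the request line, Z checks whether the client is authorized, and Z answers from its cache on a hit. The client addresses, host name, the `fetch` callback and the 403 reply for an unauthorized client are assumptions made for illustration, and only plain-HTTP GET is handled.

```python
# Added illustration (not from the original article). Client IPs, host names
# and the fetch callback are constructed sample values.
import time
from urllib.parse import urlsplit

ALLOWED_CLIENTS = {"10.0.0.11"}   # user A (assumed address); user B is not listed
CACHE_TTL = 60                    # seconds that proxy Z keeps "data J"
_cache = {}                       # absolute URL -> (expiry time, body)


def parse_proxy_request(request_line):
    """Return (host, port, path) from an absolute-form request line.

    A client configured for a forward proxy sends
    'GET http://server-b.example/j HTTP/1.1', naming the target itself.
    """
    method, target, _version = request_line.split()
    url = urlsplit(target)
    if method != "GET" or url.scheme != "http" or not url.hostname:
        raise ValueError("only absolute-form HTTP GET is handled here")
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    return url.hostname, url.port or 80, path


def handle(client_ip, request_line, fetch, now=None):
    """Decide what proxy Z does; returns (status, body, source)."""
    now = time.time() if now is None else now
    if client_ip not in ALLOWED_CLIENTS:      # client access authorization
        return 403, b"", "denied"             # refused before server B is contacted
    try:
        host, port, path = parse_proxy_request(request_line)
    except ValueError:                        # e.g. 'GET /j HTTP/1.1' with no target
        return 400, b"", "bad-request"
    key = f"http://{host}:{port}{path}"
    hit = _cache.get(key)
    if hit and hit[0] > now:                  # cache hit: server B is not contacted
        return 200, hit[1], "cache"
    body = fetch(host, port, path)            # proxy Z connects to server B itself
    _cache[key] = (now + CACHE_TTL, body)
    return 200, body, "origin"
```

Server B only ever sees the connection made inside `fetch`, which comes from proxy server Z, so its logs carry Z's address rather than user A's.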

 

2. Reverse Proxy

A reverse proxy is just the opposite of a forward proxy. To the client, the proxy server looks like the origin server, and the client does not need any special configuration. The client sends a normal request for content in the reverse proxy's namespace; the reverse proxy then decides where (which origin server) to forward the request and returns the obtained content to the client.

The role of using a reverse proxy server is as follows:

1. Protect and hide the original resource server

As shown in Figure 2.1 below

(Figure 2.1 )
User A always thinks that it is accessing the original server B rather than proxy server Z, but in fact the reverse proxy server accepts user A's request, obtains the resources user A needs from the original resource server B, and then sends them to user A. Because of the firewall, only proxy server Z is allowed to access the original resource server B. In this setup the firewall and the reverse proxy together protect the original resource server B, yet user A is not aware of it.

2. Load balancing

As shown in Figure 2.2 below
(Figure 2.2)
 
When there is more than one reverse proxy server, we can even build them into a cluster. When many users access resource server B, different proxy servers Z(x) respond to different users and send each user the resources it needs.
Of course, a reverse proxy server has a cache function just like a forward proxy server. It can cache the resources of the original resource server B instead of requesting data from it every time, especially static data such as pictures and files. If a reverse proxy server is in the same network as user X, then user X accesses reverse proxy server X and gets very fast, high-quality access. This is the core of CDN technology, as shown in Figure 2.3 below.
(Figure 2.3)
 
We are not explaining CDN here, so the figure leaves out the most critical core technology of a CDN, smart DNS. It only shows that CDN technology is in fact built on the reverse proxy principle.
To summarize: a reverse proxy is the opposite of a forward proxy. To the client it looks like an origin server, and the client does not need any special configuration. The client sends a normal request for content in the reverse proxy's namespace; the reverse proxy then decides where (which origin server) to forward the request and returns the obtained content to the client, as if the content were originally its own.
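The following sketch is an added example, not code from the original article. It shows the reverse proxy side of the same exchange: the client sends an ordinary origin-form request with a Host header, and the proxy maps it onto its namespace and picks an origin server by round robin. The host name, path prefixes and backend addresses are constructed values, and round robin is one assumed balancing policy.

```python
# Added illustration (not from the original article). Host names, path
# prefixes and backend addresses are constructed sample values.
from itertools import cycle

# The reverse proxy's namespace: (Host header, path prefix) -> origin pool.
ROUTES = {
    ("www.example.test", "/static/"): ["192.168.10.21:8080", "192.168.10.22:8080"],
    ("www.example.test", "/"): ["192.168.10.11:8080"],
}
_pools = {key: cycle(backends) for key, backends in ROUTES.items()}


def parse_origin_form(raw_request):
    """Return (path, host) from a normal request such as 'GET /x HTTP/1.1'."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, path, _version = head[0].split()
    if not path.startswith("/"):
        # An absolute-form target is what a forward proxy client would send.
        raise ValueError("reverse proxy expects an origin-form target")
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return path, headers.get("host", "").lower()


def choose_backend(raw_request):
    """Pick the origin server for one request; longest matching prefix wins."""
    path, host = parse_origin_form(raw_request)
    matches = [k for k in ROUTES if k[0] == host and path.startswith(k[1])]
    if not matches:
        return None                 # outside the proxy's namespace: not forwarded
    key = max(matches, key=lambda k: len(k[1]))
    return next(_pools[key])        # round robin across the origin pool
```

The backend addresses stay inside the proxy and are never sent to the client, which is why user A cannot tell proxy server Z from the original resource server B.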
There are many programs available online that act as forward and reverse proxies, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open source software is Squid, which can be used as a forward proxy and is also used by many people as a front-end server acting as a reverse proxy. In addition, MS ISA can be used as a forward proxy on the Windows platform. The most important application of reverse proxies is in web services, where Nginx has been the most popular choice in recent years. Some people on the Internet say that Nginx cannot be a forward proxy, but that is not true: Nginx can also be used as a forward proxy, although fewer people use it that way.
