CDN
The full name of CDN
is Content Delivery Network, that is, Content Delivery Network. The basic idea is to avoid bottlenecks and links that may affect the speed and stability of data transmission on the Internet as much as possible, so that content transmission is faster and more stable. By placing a layer of intelligent virtual placing reverse proxy
node
in the network , the CDN system can real-time analyze network traffic and the connection, load status of each node and the distance to the user. and response time and other comprehensive information to redirect the user's request to the service node closest to the user. Its purpose is to enable users to obtain the desired content nearby, solve the situation of Internet network congestion , and improve the response speed of users visiting websites.
proxy server
If your content server has sensitive information that must be kept secure, such as a database of credit card numbers, you
can
set up a
proxy
the firewall to act as a stand-in for your content server. When an external client tries to access the content server, it is sent to the proxy server. The actual content resides on the content server and is secured inside the firewall. A proxy server is located outside the firewall and appears to external clients as a content server.
When a client makes a request to the site, the request goes to the proxy server. The proxy server then sends the client's request to the content server through a specific path in the firewall. The content server then sends the result back to the proxy server through this channel. The proxy server sends the retrieved information to the client as if the proxy server were the actual content server (see Figure 1). If the content server returns an error message, the
proxy server
intercepts the message and changes any URLs listed in the header before sending the message to the client. This prevents external clients from getting the redirect URL of the internal content server.
In this way, the proxy
server
provides another barrier between the secure database and possible malicious attacks. In contrast to having access to the entire database, even if the attack is successful, the perpetrator is at best limited to accessing the information involved in a single transaction. Unauthorized users cannot access the real content server because the
firewall
path only allows the proxy server to have access.
Figure 1 A reverse proxy server is like a real content server
A reverse proxy server acts like a real content server
figure 1
The firewall
router can be configured so that only certain servers on certain ports (in this case the
proxy
) have access through the firewall, and no other machines are allowed in or out.
Secure reverse proxy A secure reverse proxy occurs when one or more connections between the proxy server and other machines use the
Secure
Sockets Layer (SSL) protocol to encrypt data.
use
A secure reverse proxy has many uses:
Can provide encrypted connections
from
proxy
servers outside the firewall to secure content servers inside the firewall.
Allows clients to securely connect to a proxy server, facilitating the secure transfer of information (such as credit card numbers).
A secure reverse proxy can cause each secure connection to
be
slowed down by the overhead involved in encrypting data. However, due to the caching mechanism provided by SSL, both parties in the connection can reuse the security parameters negotiated previously, thus greatly reducing the system overhead of subsequent connections.
Configuration method
There are three ways to configure a secure reverse
proxy
server :
Secure client to proxy. This scheme works well if unauthorized users have little or no access to the information exchanged between the proxy server and the content server (see Figure 2).
Figure 2 Client secure connection to proxy server
figure 2
Secure proxy to content server. This scenario works well if the client
is
outside the firewall and the content server is inside the firewall. In this scenario, the
proxy server
can act as a secure channel between sites (see Figure 3)
Figure 3 Proxy Server Securely Connects to Content Server
image 3
Secure client to proxy and secure proxy to content server. This scheme works well if you need to secure the information exchanged between the server,
proxy server
, and client. In this scenario, the proxy server can both act as a secure channel between sites and increase the security of client authentication (see Figure 4).
Figure 4 Client connects securely to proxy server and proxy server connects securely to content server
Figure 4
See Setting Up a Reverse Proxy Server for information on how to set up each of the above configurations.
In addition to SSL, a
proxy server
can use client authentication, which requires the computer making the request to the proxy server to provide a certificate (or identification form) to verify its identity.
Compare
The following will make a simple comparison of several typical proxy services. There are three common
proxy :
1. Standard proxy cache server
A standard proxy caching service is used to cache static web pages (eg, html files and image files, etc.) to a host (ie, a proxy server) on the local network. When the cached page is accessed for the second time, the browser will request data directly from the local proxy server instead of requesting data from the original web site. This saves valuable network bandwidth and increases access speed. However, to do this, the proxy server's IP address and port number must be explicitly specified on each internal host's browser. When the client surfs the Internet, each time the request is sent to the proxy server for processing, and the proxy server determines whether to connect to the remote web server to obtain data according to the request. If there is a target file in the local buffer, you can directly transfer the file to the user. If not, retrieve the file first, save a buffer locally, and then send the file to the client browser.
2. Transparent Proxy Cache Server
The transparent proxy buffering
service
functions exactly the same as the standard proxy server. However, the proxy operation is transparent to the client's browser (ie, it is not necessary to specify the IP and port of the proxy server). Transparent proxy servers block network traffic and filter out HTTP (port 80) traffic to the outside world. If the client's request is buffered locally, the buffered data is sent directly to the user. If there is no local buffering, the request is sent to the remote web server. The rest of the operations are exactly the same as the standard proxy server. For Linux operating systems, transparent proxies are implemented using Iptables or Ipchains. Transparent proxies are especially useful for ISPs (Internet Server Providers) because no browser settings are required.
3. reverse proxy cache server
A reverse proxy is a proxy service that is completely different from the first two proxies. Use it to reduce the load on the original WEB server. The reverse
proxy
server undertakes the request for the static page of the original WEB server, preventing the original server from being overloaded. It is located between the local WEB server and the Internet, and handles all requests to the WEB server, preventing direct communication between the WEB server and the Internet. If the page requested by the Internet user is buffered on the proxy server, the proxy server sends the buffered content directly to the user. If there is no buffering, first send a request to the WEB server, retrieve the data, cache it locally, and then send it to the user. This method reduces the load of the WEB server by reducing the number of requests to the WEB server