Proxy overview - forward proxy, reverse proxy, transparent proxy

1. Forward Proxy

In general, unless otherwise specified, "proxy" refers to forward proxy technology by default. A forward proxy is a server [proxy server Z] located between the client [user A] and the origin server [server B]. To obtain content from the origin server, user A sends a request to proxy server Z and specifies the target (server B); proxy server Z then forwards the request to server B and returns the obtained content to the client. The client must be specially configured to use a forward proxy. See Figure 1.1 below.

(Figure 1.1)

With a forward proxy, the proxy server accesses the target server [server B] in place of the visitor [user A].

That is all a forward proxy is. So why use a proxy server to access server B in place of the visitor [user A]? The answer starts with what a proxy server is used for.

The main functions of using a forward proxy server are as follows:

1. Access the inaccessible server B, as shown in Figure 1.2 below

(Figure 1.2) 

Look at Figure 1.2, setting aside the complicated network routing. Suppose the routers in the figure are named R1 and R2 from left to right, and that user A normally has to go through routing nodes such as R1 and R2 to reach server B. If router R1 or router R2 fails, server B cannot be reached. However, if user A asks proxy server Z to access server B on his behalf, then because proxy server Z is not behind router R1 or R2 and reaches server B through other routing nodes, user A can still get the data from server B. A real-life example is "climbing over the wall". However, now that VPN technology is widely used, "climbing over the wall" uses not only traditional forward proxy technology but also VPN technology.

2. Speed up access to server B

This use is not as popular as it once was, mainly because bandwidth has grown so quickly. In the early days many people used a forward proxy to speed up access. As in Figure 1.2, assume user A reaches server B through routers R1 and R2, and the link from R1 to R2 is a low-bandwidth link, while the links from user A to proxy server Z and from proxy server Z to server B are both high-bandwidth. Then access to server B is obviously faster through the proxy.

3. Cache function

Cache technology and proxy service technology are closely related (not only forward proxies; reverse proxies also use cache technology). If someone has already accessed data J on server B through proxy server Z, proxy server Z saves data J for a period of time and can send it directly to user A. In caching terminology this is called a cache hit. If more users like user A access proxy server Z, they can obtain data J directly from proxy server Z, and there is no need to go all the way to server B to download the data.

4. Client access authorization

This function is still widely used today. For example, some companies use ISA SERVER as a forward proxy server to control whether users have permission to access the Internet. See Figure 1.3 below.

(Figure 1.3)

In Figure 1.3 the firewall acts as a gateway that filters access from the external network. Assume that both user A and user B have configured the proxy server, and that user A is allowed to access the Internet but user B is not (the restriction is enforced on proxy server Z). User A, being authorized, can access server B through the proxy server; user B is not authorized by proxy server Z, so when user B tries to access server B the data packets are simply discarded.

5. Hide the visitor's whereabouts

As shown in Figure 1.4 below, server B does not know that it is actually user A who is accessing it, because proxy server Z interacts with server B directly in place of user A. If proxy server Z is fully controlled (or not fully controlled) by user A, it is referred to by the slang term "broiler" (a compromised host).

(Figure 1.4) 

To summarize: a forward proxy is a server that sits between a client and an origin server. To get content from the origin server, the client sends a request to the proxy naming the target (the origin server); the proxy forwards the request to the origin server and returns the obtained content to the client. The client must be configured to use the forward proxy server, which requires knowing the IP address of the forward proxy server and the port of the proxy program.
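The forward-proxy behaviour described in this section (the client names the target in its request, the proxy authorizes the client, answers from cache or forwards), modelled as an added example that is not part of the original article. The class name, addresses, TTL and the injected `fetch` hook are assumptions, and server B is a constructed stub so the code runs offline.

```python
import time
from urllib.parse import urlsplit

class ForwardProxy:
    """Toy model of proxy server Z: authorize, check cache, then forward."""

    def __init__(self, allowed_clients, fetch, ttl=60, clock=time.monotonic):
        self.allowed = set(allowed_clients)  # clients permitted to go out
        self.fetch = fetch    # assumed hook: fetch(host, origin_request) -> body
        self.ttl, self.clock = ttl, clock
        self.cache = {}       # absolute URL -> (expiry, body)

    def handle(self, client_ip, raw_request):
        try:
            method, target, version = raw_request.split("\r\n", 1)[0].split(" ")
            url = urlsplit(target)
        except ValueError:
            return 400, "malformed request"
        # Authorize before touching the cache so cached data is not leaked.
        # (Refused with 403 here; the article's proxy drops the packets.)
        if client_ip not in self.allowed:
            return 403, "client not authorized"      # user B in Figure 1.3
        # A client configured for a forward proxy sends the absolute URL;
        # a bare path names no destination, so there is nothing to forward to.
        if url.scheme != "http" or not url.hostname:
            return 400, "absolute http:// target required"
        hit = self.cache.get(target)
        if method == "GET" and hit and hit[0] > self.clock():
            return 200, hit[1]                       # cache hit, B not contacted
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        # Rewrite to the path-only form server B expects.
        origin_request = f"{method} {path} {version}\r\nHost: {url.netloc}\r\n\r\n"
        body = self.fetch(url.netloc, origin_request)
        if method == "GET":
            self.cache[target] = (self.clock() + self.ttl, body)
        return 200, body

def demo():
    seen = []                                   # what server B actually received
    def stub_origin(host, origin_request):      # constructed stand-in for server B
        seen.append((host, origin_request.split("\r\n")[0]))
        return "data J"
    proxy = ForwardProxy({"10.0.0.1"}, stub_origin)   # only user A is authorized
    req = "GET http://server-b.example/j?x=1 HTTP/1.1\r\nHost: server-b.example\r\n\r\n"
    results = [proxy.handle(ip, req) for ip in ("10.0.0.1", "10.0.0.1", "10.0.0.2")]
    return results, seen

if __name__ == "__main__":
    print(demo())
```

Server B is contacted only once for the three requests: the second is a cache hit and the third is refused before any lookup.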

2. Reverse proxy

A reverse proxy is the opposite of a forward proxy. To the client the proxy server looks like the origin server, and the client does not need any special settings. The client sends an ordinary request for content in the reverse proxy's namespace, and the reverse proxy decides where (which origin server) to forward the request and returns the obtained content to the client. A reverse proxy server is used for the following purposes:

1. Protect and hide the original resource server as shown in Figure 2.1 

(Figure 2.1)

User A always believes it is accessing the original server B rather than proxy server Z, but in fact the reverse proxy server accepts user A's request, obtains the resources user A needs from the original resource server B, and sends them to user A. Because of the firewall, only proxy server Z is allowed to access the original resource server B. In this hypothetical environment the firewall and the reverse proxy together protect the original resource server B, and user A is not aware of it.

2. Load balancing as shown in Figure 2.2 

(Figure 2.2)

When there is more than one reverse proxy server, they can even be built into a cluster. When many users access resource server B, different proxy servers Z(x) answer different users and send each user the resources it needs.

Of course, a reverse proxy server can also cache, just like a forward proxy server. It can cache resources from the original resource server B instead of requesting them from B every time, especially static data such as pictures and files. If a reverse proxy server is on the same network as user X, then user X gets very high speed when accessing reverse proxy server X. This is the core of CDN technology, as shown in Figure 2.3 below.

(Figure 2.3)

We are not explaining CDN here, so the figure leaves out smart DNS, the most critical core technology of a CDN. It only shows that CDN technology is built on the reverse proxy principle.

In conclusion, a reverse proxy is the opposite of a forward proxy: to the client it acts like an origin server, and the client does not need any special setup. The client sends an ordinary request for content in the reverse proxy's namespace, and the reverse proxy decides where (which origin server) to forward the request and returns the obtained content to the client as if the content were originally its own.

There are many programs on the Internet that implement forward and reverse proxies, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open source software is Squid, which can be used as a forward proxy and which many people also use as a front-end reverse proxy server. MS ISA can also be used as a forward proxy on the Windows platform. The most important use of reverse proxies is for web services, and in recent years Nginx has been the most popular. Some people on the Internet say that Nginx cannot be a forward proxy, but that is not true: Nginx can also be used as a forward proxy, although fewer people use it that way.

3. Transparent proxy

If forward, reverse and transparent proxies were classified by family relationship, forward proxy and transparent proxy would obviously be cousins, and forward proxy and reverse proxy would be cousins.

A transparent proxy means the client does not need to know that a proxy server exists at all. It adapts your request fields (messages) and transmits the real IP. Note that an encrypted transparent proxy counts as an anonymous proxy, which means there is no need to configure the proxy. A practical example of a transparent proxy is the behavior management software that many companies use today, as shown in Figure 3.1 below.

(Figure 3.1)

User A and user B do not know that the behavior management device is acting as a transparent proxy. When user A or user B submits a request to server A or server B, the transparent proxy device intercepts the message and modifies it according to its own policy, then sends the request to server A or B as the actual requester. When the response comes back, the transparent proxy passes the permitted messages back to user A or B according to its own settings. As shown in the figure above, if the transparent proxy's settings do not allow access to server B, then user A and user B will not get data from server B.
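Because the proxy is the actual requester, the connection server B sees comes from the proxy's address, so the "real IP" a proxy transmits has to travel inside the request. An added example (not from the original article) of how an origin can recover that address without being fooled, assuming the proxy uses the conventional `X-Forwarded-For` header; the addresses and the trusted-proxy subnet are constructed.

```python
import ipaddress

def client_address(peer_ip, headers, trusted_proxies):
    """Return the address the origin should attribute the request to.

    peer_ip: source address of the TCP connection
    headers: dict of request headers, names lower-cased
    trusted_proxies: networks of the proxies we operate ourselves
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(peer_ip)
    # A header is only as reliable as whoever sent it: if the peer is not
    # one of our proxies, anything in X-Forwarded-For is client-supplied.
    if not is_trusted(current):
        return str(current)
    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Each proxy appends the address it received the request from, so walk
    # right to left and stop at the first hop that is not our own proxy.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                  # unparsable entry: stop trusting the chain
        current = addr
        if not is_trusted(addr):
            break
    return str(current)

def demo():
    ours = ["10.0.0.0/24"]         # constructed: subnet of our proxy servers
    return [
        # normal case: our proxy recorded the client it served
        client_address("10.0.0.5", {"x-forwarded-for": "203.0.113.7"}, ours),
        # client pre-filled the header; our proxy appended the real peer
        client_address("10.0.0.5",
                       {"x-forwarded-for": "192.0.2.1, 203.0.113.7"}, ours),
        # direct connection that bypassed the proxy and forged the header
        client_address("198.51.100.9", {"x-forwarded-for": "10.0.0.1"}, ours),
    ]

if __name__ == "__main__":
    print(demo())
```

The firewall rule from Figure 2.1, where only proxy server Z may reach server B, is what keeps the third case from reaching the origin at all.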

 

A forward proxy stands in for the client's identity when accessing server resources.

A reverse proxy stands in for the server's identity when exposing resources to clients.
