Solution forward proxy, reverse proxy, transparent proxy

Forwarding is also a kind of culture, the original address: http://z00w00.blog.51cto.com/515114/1031287

 

To borrow an opening from Gu Long's martial arts novels: proxy service technology is a very old technology, in use since the early days of the Internet. It is generally implemented by installing proxy service software on a server, turning it into a proxy server. The commonly used proxy technologies are forward proxy, reverse proxy and transparent proxy. This article explains the basic principles and the specific scope of application of these three kinds of proxy, so that you can better understand proxy service technology.

 


1. Forward Proxy

Unless otherwise specified, "proxy" refers to a forward proxy by default. A forward proxy is a server [proxy server Z] located between the client [user A] and the origin server [server B]. To obtain content from the origin server, user A sends a request to proxy server Z and specifies the target (server B); proxy server Z then forwards the request to server B and returns the obtained content to the client. The client must be specially configured to use a forward proxy, as shown in Figure 1.1 below.

(Figure 1.1)



From this definition we can see that a forward proxy means the proxy server accesses the target server [server B] on behalf of the visitor [user A].



This is what forward proxying is all about. But why have a proxy server access server B instead of the visitor [user A]? The answer starts with what a proxy server is used for.



The main functions of using a forward proxy server are as follows:

 

 

 

1. Access the inaccessible server B, as shown in Figure 1.2 below

(Figure 1.2)

Let's look at Figure 1.2 without the complicated network routing scenario. Assume that the routers in the figure are named R1 and R2 from left to right, and that initially user A has to pass through routing nodes such as R1 and R2 to reach server B. If router R1 or router R2 fails, server B cannot be accessed. However, if user A asks proxy server Z to access server B on his behalf, then, since proxy server Z is not behind R1 or R2 but reaches server B through other routing nodes, user A can still get the data of server B. A real example is "fanqiang". However, since VPN technology has become widely used, "fanqiang" now relies not only on traditional forward proxy technology but also on VPN technology.

2. Speed up access to server B

This claim is not as popular as it used to be, mainly because available bandwidth has grown so quickly. In the early days many people used a forward proxy to speed things up. As shown in Figure 1.2, assume that user A reaches server B through routers R1 and R2, and that the link from R1 to R2 is a low-bandwidth link, while the links from user A to proxy server Z and from proxy server Z to server B are both high-bandwidth. Then going through proxy server Z obviously speeds up access to server B.

3. Cache function

Cache technology and proxy service technology are closely related (not only forward proxies; reverse proxies also use caching). As in the figure above, if someone has already accessed data J on server B through proxy server Z before user A accesses it, then proxy server Z will keep data J for a period of time and send the cached data J directly to user A. In cache terminology this is called a cache hit. If more users like user A visit proxy server Z, these users can get data J directly from proxy server Z without having to travel thousands of miles to server B to download it.

4. Client access authorization

This is still widely used today. For example, some companies use ISA SERVER as a forward proxy server to decide whether users have permission to access the Internet, as shown in Figure 1.3 below.

(Figure 1.3)

In Figure 1.3 the firewall acts as a gateway and filters access from the external network. Assume that both user A and user B have configured the proxy server, and that user A is allowed to access the Internet but user B is not (this restriction is set on proxy server Z). User A, being authorized, can access server B through the proxy server; user B is not authorized by proxy server Z, so when he tries to access server B the data packets are simply discarded.

5. Hide the visitor's whereabouts

As shown in Figure 1.4, server B does not know that the visitor is actually user A, because proxy server Z interacts with server B directly in place of user A. If proxy server Z is fully controlled (or not fully controlled) by user A, it is known in slang as a "broiler".

(Figure 1.4)
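The cache and authorization functions above interact: the authorization check has to run before the cache lookup, or an unauthorized user B could be handed data J that another user pulled into the cache. A small model of proxy server Z showing that ordering, as an added example that is not from the original article; the class, user names, URL and TTL are assumptions made for illustration.

```python
import time


class ForwardProxy:
    """Toy model of proxy server Z: per-user authorization plus a TTL cache."""

    def __init__(self, allowed_users, origin_fetch, ttl=60.0, clock=time.monotonic):
        self.allowed = set(allowed_users)
        self.origin_fetch = origin_fetch   # callable(url) -> bytes; stands in for server B
        self.ttl = ttl
        self.clock = clock
        self.cache = {}                    # url -> (expires_at, body)

    def handle(self, user, url):
        """Return (status, body); status is DENIED, HIT or MISS."""
        # Authorize first: a cached copy must never be served to a user
        # the proxy would not have let out in the first place.
        if user not in self.allowed:
            return "DENIED", None
        now = self.clock()
        entry = self.cache.get(url)
        if entry and entry[0] > now:
            return "HIT", entry[1]
        body = self.origin_fetch(url)
        self.cache[url] = (now + self.ttl, body)
        return "MISS", body


def demo():
    """Constructed scenario: users A and C are authorized, user B is not."""
    origin_calls = []

    def server_b(url):
        origin_calls.append(url)
        return b"data J"

    now = [0.0]                                # fake clock so the run is deterministic
    z = ForwardProxy({"userA", "userC"}, server_b, ttl=60.0, clock=lambda: now[0])
    url = "http://server-b.example/J"
    results = [z.handle("userC", url)[0]]      # first fetch goes to server B
    results.append(z.handle("userA", url)[0])  # served from Z's cache
    results.append(z.handle("userB", url)[0])  # refused even though J is cached
    now[0] = 61.0
    results.append(z.handle("userA", url)[0])  # entry expired, fetched again
    return results, len(origin_calls)
```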



To summarize: a forward proxy is a server that sits between a client and an origin server. To get content from the origin server, the client sends a request to the proxy specifying the target (the origin server), and the proxy forwards the request to the origin server and returns the obtained content to the client. The client must be configured to use the forward proxy server, which of course requires knowing the IP address of the forward proxy server and the port of the proxy program.

2. Reverse Proxy

A reverse proxy is just the opposite of a forward proxy. To the client, the proxy server looks like the origin server, and the client does not need any special settings. The client sends a normal request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (which origin server) to forward the request, and returns the obtained content to the client.

The functions of a reverse proxy server are as follows:

1. Protect and hide the original resource server, as shown in Figure 2.1





(Figure 2.1)



User A always thinks that it is accessing the original server B rather than the proxy server Z, but in fact the reverse proxy server accepts user A's request, obtains the resources user A needs from the original resource server B, and then sends them to user A. Because of the firewall, only the proxy server Z is allowed to access the original resource server B. In this virtual environment the firewall and the reverse proxy together protect the original resource server B, yet user A is not aware of it.


2. Load balancing, as shown in Figure 2.2

(Figure 2.2)





When there is more than one reverse proxy server, we can even build them into a cluster. When many users access resource server B, different proxy servers Z(x) respond to different users and send each user the resources they need.



Of course, a reverse proxy server has a cache function just like a forward proxy server. It can cache the resources of the original resource server B, especially static data such as pictures and files, instead of requesting them from the original resource server B every time. If these reverse proxy servers are on the same network as user X, then user X, accessing reverse proxy server X, gets very good speed. This is the core of CDN technology, as shown in Figure 2.3 below.





(Figure 2.3)





Since we are not explaining CDN here, we have left out its most critical core technology, smart DNS. The figure only shows that CDN technology actually uses the reverse proxy principle.



To conclude: a reverse proxy is the opposite of a forward proxy. To the client it acts like an origin server, and the client does not need any special setup. The client sends a normal request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (which origin server) to forward the request, and returns the obtained content to the client as if the content were originally its own.
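What the reverse proxy's decision looks like in code, as an added example that is not from the original article: it accepts only normal requests for its own namespace, spreads them over the origin servers in turn, and refuses forward-proxy style requests that name an arbitrary target. The host name, route table, backend addresses and sample requests are constructed for illustration.

```python
from itertools import cycle
from urllib.parse import urlsplit

# Constructed namespace: path prefixes published by reverse proxy Z and the
# origin servers (hidden behind the firewall) that serve each of them.
ROUTES = {
    "/static/": ["10.0.0.11:8080", "10.0.0.12:8080"],
    "/":        ["10.0.0.21:8080"],
}
SERVED_HOSTS = {"www.example.test"}
_pools = {prefix: cycle(backends) for prefix, backends in ROUTES.items()}
# Constructed sample requests.
NORMAL = b"GET /static/logo.png HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
PROXY_STYLE = b"GET http://server-b.example/ HTTP/1.1\r\nHost: server-b.example\r\n\r\n"

def parse_request(raw: bytes):
    """Return (method, target, host) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
    return method, target, host

def route(raw: bytes):
    """Decide what reverse proxy Z does with a request: (action, detail)."""
    try:
        method, target, host = parse_request(raw)
    except ValueError:
        return "reject", "malformed request line"
    # Forward-proxy style requests name an arbitrary target (absolute URI or
    # CONNECT host:port). A reverse proxy must refuse them, or it becomes an
    # open forward proxy.
    if method.upper() == "CONNECT" or urlsplit(target).scheme:
        return "reject", "proxy-style request target"
    if not target.startswith("/"):
        return "reject", "bad request target"
    if host.split(":")[0] not in SERVED_HOSTS:
        return "reject", "host outside namespace"
    # Longest matching prefix wins; backends in the pool take turns.
    prefix = max((p for p in ROUTES if target.startswith(p)), key=len)
    return "forward", next(_pools[prefix])
```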


There are many programs available for forward and reverse proxying, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open source software is squid, which can be used as a forward proxy and is also used by many people as a front-end reverse proxy server. In addition, MS ISA can be used as a forward proxy on the Windows platform. The most important use of reverse proxying is for web services, where Nginx has been the most popular choice in recent years. Some people on the Internet say that Nginx cannot be a forward proxy, but that is not true: Nginx can also be used as a forward proxy, though fewer people use it that way.

3. Transparent proxy

If forward, reverse and transparent proxies were classified by blood relationship, the forward proxy and the transparent proxy would obviously be cousins, and the forward proxy and the reverse proxy would be cousins. A transparent proxy means that the client does not need to know that a proxy server exists at all; the proxy adapts your request fields (messages) and passes on the real IP. Note that an encrypted transparent proxy counts as an anonymous proxy, which means that there is no need to set the proxy. A practical example of a transparent proxy is the behavior management software that many companies use today, as shown in Figure 3.1.

(Figure 3.1)
   

User A and user B do not know that the behavior management device acts as a transparent proxy. When user A or user B submits a request to server A or server B, the transparent proxy device intercepts the request, modifies the message according to its own policy and, acting as the actual requester, sends the request to server A or B. When the response comes back, the transparent proxy returns the allowed messages to user A or B according to its own settings. As shown in the figure above, if the transparent proxy's settings do not allow access to server B, then user A or user B will not get the data of server B.

 

 
