The method of using squid to implement reverse proxy

Proxy server is a very common way to connect the LAN host to the Internet, using proxy Internet can save scarce IP address resources, and can block external host to the internal host access, so that the intranet host from the external network host attack. However, if you want the host on the Internet to access the intranet's host resources (for example, a Web site) and want to keep the intranet host from being attacked by an external network host, the general Proxy service cannot be implemented and needs to be implemented using a reverse proxy.

This article describes in detail the concept of a reverse proxy service and how to leverage a reverse proxy server to improve the performance and security of your Web server.

A The concept of reverse proxy

What is a reverse proxy? In fact, the reverse proxy is commonly referred to as the Web server acceleration, which is a way to reduce the load on the actual Web server by adding a high-speed web buffer server (that is, a Web reverse proxy server) between the busy Web server and the Internet. The typical structure is shown in the following illustration:

Web server Acceleration (reverse proxy) is designed to provide accelerated functionality for Web servers. It acts as a proxy cache, but not for browser users, but for one or more specific Web servers (which is also the origin of the reverse proxy name). Implement a reverse proxy, as shown in the figure above, by simply placing the reverse proxy cache device on the front of one or more Web servers. When an Internet user accesses a Web server, the IP address that is resolved through the DNS server is the IP address of reverse proxy server, not the IP address of the original Web server, when the reverse proxy Server device acts as a Web server. The browser can connect to it without having to directly connect to the Web server. As a result, a large amount of Web service work is unloaded on the reverse proxy service. Not only can prevent the external network host direct communication with the Web server security risks, but also can greatly reduce the burden on the Web server, improve access speed.

Two Comparison of reverse proxies and other proxies

The following is a simple comparison of several typical proxy services. There are three of common proxy servers on the network:

1. Standard proxy buffering Server

A standard proxy buffering service is used to cache static Web pages (for example, HTML files and picture files, and so on) to a host on a local network (that is, a proxy server). When a cached page is accessed for a second time, the browser will get the request data directly from the local proxy server and no longer request data from the original web site. This saves valuable network bandwidth and increases the speed of access. However, to implement this approach, you must explicitly indicate the IP address and port number of the proxy server on each internal host's browser. When the client is online, the request is sent to the proxy server each time, and the proxy server determines whether to connect to the remote Web server to obtain the data on request. If there is a destination file in the local buffer, the file is passed directly to the user. If not, retrieve the file first, save a buffer locally, and then send the file to the client browser.

2. Transparent proxy buffering Server

The transparent proxy buffering service is exactly the same as the standard proxy server. However, the proxy action is transparent to the client's browser (that is, it does not need to indicate the IP and port of the proxy server). The transparent proxy server blocks network traffic and filters out HTTP (80-port) traffic outside the access. If the client's request is buffered locally, the buffered data is sent directly to the user, and if there is no buffer locally, the request is made to the remote Web server, and the remaining operations are identical to the standard proxy server. For Linux operating systems, transparent proxies are implemented using Iptables or IPChains. Because you do not need to make any settings for your browser, transparent proxies are especially useful for your ISP (Internet server provider).