Chapter 2 proxy

1. The HTTP Proxy Server is both a web server and a Web Client.

Proxy and Gateway: the proxy connects two or more applications using the same protocol, while the gateway connects two or more endpoints using different protocols. In fact, the difference between the proxy and the gateway is very vague, and the proxy often needs to do some protocol conversion work.

2. the proxy can be used as a child filter, document access control, security firewall, Web Cache, and reverse proxy (posing as a web server. Receives real requests sent to the Web server, but different from the Web server, they can initiate communications with other servers to locate the requested content as needed); Content Router; Transcoder; anonymous (what features will the anonymous proxy delete from the HTTP message)

3. Proxy hierarchy

The proxy hierarchy is used to link up the proxy. The proxy server in the proxy hierarchy is assigned a parent-child relationship. The next entry proxy (near the server) is called the parent proxy, And the next exit proxy (near the client) is called the subproxy. The proxy server can forward packets to an ever-changing proxy server and original server set based on many factors.

4. How does the proxy obtain traffic?

Modify the client: many web clients support manual and automatic proxy configuration. If you configure the client as a proxy server, the client will send the HTTP request to the proxy intentionally instead of the original server.

Modify the network: intercept network traffic and import it to the proxy without the client's knowledge. This interception usually depends on the exchange devices and routing devices that monitor HTTP traffic. This kind of proxy is called an intercept proxy.

Modify the DNS namespace: the reverse proxy, the proxy server placed before the web server, directly impersonates the name and IP address of the web server. In this way, all requests are sent to the reverse proxy, instead of the server. To achieve this, You can manually edit the DNS name list or use a special Dynamic DNS server to determine the appropriate proxy or server as needed.

Modify the Web server: You can configure some Web servers to send an HTTP redirect command to the client to redirect client requests to a proxy.

5. Some thorny issues related to proxy requests

5.1 when the client sends a request to the proxy and server, the URI in the HTTP request message is different. When a client that does not set a proxy sends a request to the server, it will send some Uris, and set the proxy client to send the complete Uri.

5.2. The problem faced by the VM is the same as that faced by the proxy. The Web server of the VM needs to know the host name of the target Web site and carry host and port information through the host header.

5.3. the browser will parse the request URI based on whether there is a proxy. When no proxy is available, the browser will get the URI and try to find the response IP address. If no host is found, many browsers will try to provide a host name automatic "extension" mechanism, in case you enter an abbreviated form. However, if there is an explicit proxy, the user's uri Will be directly sent to the proxy, and the browser will not execute this extended function, but will hand it over to the proxy.

6. tracing packets

The via header field lists information related to each intermediate node in the message channel. The proxy can also use the via header to detect routing loops in the network. Before sending a request, the proxy inserts a unique string related to the via header and searches for the string in the input request to check whether a route loop exists in the network.

The format of an intermediate node in each via contains up to four components: an optional protocol name, a required protocol version, a required node name, and an optional descriptive comment.

Regarding the privacy of via: Sometimes we do not want to use the exact host name in the via string. In general, unless this behavior is explicitly allowed, the names and port numbers of the hosts behind the firewall should not be forwarded when the contemporary server is used as part of the network firewall, because the network structure information behind the firewall may be exploited by malicious groups.

7. Through the TRACE Method of HTTP/1.1, users can track request packets transmitted through the proxy chain, observe which proxies the packets have passed, and how each proxy modifies the request packets. Generally, no matter how many Proxies are inserted in the middle, the trace packet will be transmitted along the entire path to the target server. You can use the max-forwards header to limit the number of proxy hops for trace and options requests to view the requests received on any hop of the proxy chain.

8. Proxy Authentication

The proxy can be used as an access control device. HTTP defines a mechanism called proxy authentication, which can block requests to the content until the user provides a valid access permission certificate to the proxy.

This article from the "Lotus miss" blog, please be sure to keep this source http://liandesinian.blog.51cto.com/7737219/1558270

Chapter 2 proxy