Proxy servers are widely used to connect LAN hosts to the Internet. Using a proxy to access the Internet saves scarce IP address resources, blocks access from external hosts to internal hosts, and protects intranet hosts from attacks by external hosts. However, if you want to allow hosts on the Internet to access resources on an intranet host (for example, a web site) while still protecting intranet hosts from attacks by hosts on the Internet, an ordinary proxy service generally cannot do this, and a reverse proxy is required.
This article describes in detail the concept of the reverse proxy service and how to use a reverse proxy server to improve the performance and security of web servers.
1. Concept of reverse proxy
What is a reverse proxy? Reverse proxying is usually referred to as web server acceleration: a high-speed web cache server (the web reverse proxy server) is used to reduce the load on the actual web server. The figure shows the typical structure:
Web server acceleration (reverse proxy) provides acceleration for web servers. It acts as a proxy cache, not for browser users but for one or more specific web servers (this is the origin of the name "reverse proxy"). A reverse proxy is implemented (as shown in the figure) by placing the reverse proxy cache device in front of one or more web servers. When an Internet user accesses a web server, the IP address obtained through name resolution is that of the reverse proxy server, not that of the original web server. The reverse proxy server then acts as the web server: the browser connects to it and never connects directly to the web server. A large part of the web service workload is therefore offloaded to the reverse proxy. This not only guards against the security risks caused by direct communication between external network hosts and the web servers, but also greatly reduces the burden on the web servers and increases access speed.
2. Comparison between reverse proxy and other proxies
The following is a simple comparison of several typical proxy services. There are three common kinds of proxy server on the network:
1. Standard proxy cache server. A standard proxy cache service caches static web pages (such as HTML files and image files) on a host (the proxy server) on the local network. When a cached page is accessed a second time, the browser obtains the data directly from the local proxy server instead of requesting it from the original web site. This saves network bandwidth and increases access speed. However, to use this method you must specify the IP address and port number of the proxy server in the browser of each internal host. Each time a client accesses the Internet, the request is sent to the proxy server for processing. The proxy server decides, based on the request, whether to connect to the remote web server to obtain the data. If the target file exists in the local cache, it is passed directly to the user. If not, the proxy first retrieves the file, saves a copy in the local cache, and then sends the file to the client browser.
2. Transparent proxy cache server. The transparent proxy cache service has the same functions as the standard proxy server, but the proxy operation is transparent to the client browser (that is, the browser does not need to be configured with the IP address and port of the proxy server). The transparent proxy server intercepts network communication and filters outbound HTTP (port 80) traffic. If the client's request is cached locally, the cached data is sent directly to the user. If it is not cached locally, the request is sent to the remote web server. The remaining operations are identical to those of the standard proxy server. On Linux, a transparent proxy is implemented using iptables or ipchains. Because no settings are needed in the browser, transparent proxies are particularly useful for ISPs (Internet service providers).
3. Reverse proxy cache server. The reverse proxy is a proxy service that is completely different from the first two. It reduces the load on the original web server: the reverse proxy server takes over static page requests addressed to the original web server to prevent that server from being overloaded. It is located between the local web server and the Internet. It processes all requests to the web server and prevents direct communication between the web server and the Internet. If the page requested by an Internet user is cached on the proxy server, the proxy server sends the cached content directly to the user. If it is not cached, the proxy first sends a request to the web server to retrieve the data, caches it locally, and then sends it to the user. This reduces the number of requests sent to the web server and therefore the load on it.
3. Working principle of reverse proxy
The reverse proxy server is located between the local web server and the Internet, as shown in the figure:
When your browser sends an HTTP request, domain name resolution directs the request to the reverse proxy server (to reverse-proxy multiple web servers, point the domain names of all of those web servers at the reverse proxy server). The reverse proxy server then processes the request. A reverse proxy generally caches only cacheable data (such as HTML pages and images); the output of some CGI scripts or ASP programs is not cached. It caches static pages based on the HTTP headers returned by the web server. The four most important HTTP headers are:
- Last-Modified: tells the reverse proxy when the page was last modified.
- Expires: tells the reverse proxy when the page should be deleted from the cache.
- Cache-Control: tells the reverse proxy whether the page should be cached.
- Pragma: tells the reverse proxy whether the page should be cached.
For example, by default an ASP page returns "Cache-Control: private", so ASP pages are not cached on the reverse proxy server.
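The header-driven decision described above can be sketched as follows. This is an added example, not code from any particular proxy product: the function names, sample paths and header values are constructed for illustration, and the model is deliberately conservative (it treats "no-cache" as "do not store" and ignores headers the article does not discuss).

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into a set of lower-case directive names."""
    return {p.strip().split("=", 1)[0].lower() for p in value.split(",") if p.strip()}

def http_date(value):
    """Parse an HTTP date; return None when it is malformed (e.g. 'Expires: 0')."""
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def may_cache(headers, now):
    """Decide whether a reverse proxy (a shared cache) keeps this response.

    Returns (store, reason). Simplified model covering only the four
    headers listed above; real proxies implement more rules.
    """
    h = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(h.get("cache-control", ""))
    # Conservative: any of these keeps the page out of the shared cache,
    # so one user's private page is never served to another user.
    for d in ("private", "no-store", "no-cache"):
        if d in directives:
            return False, "cache-control: " + d
    if "no-cache" in h.get("pragma", "").lower():
        return False, "pragma: no-cache"
    if "expires" in h:
        expires = http_date(h["expires"])
        if expires is None or expires <= now:
            return False, "already expired"
        return True, "fresh until Expires"
    if "last-modified" in h and http_date(h["last-modified"]):
        return True, "store, revalidate with If-Modified-Since"
    return False, "no caching information"

# Constructed sample responses (not captured traffic).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLES = {
    "/account.asp": {"Cache-Control": "private", "Content-Type": "text/html"},
    "/logo.png": {"Expires": "Thu, 11 Jan 2024 12:00:00 GMT"},
    "/old.html": {"Expires": "0", "Last-Modified": "Mon, 01 Jan 2024 00:00:00 GMT"},
    "/index.html": {"Last-Modified": "Mon, 01 Jan 2024 00:00:00 GMT"},
    "/cgi-bin/search": {"Pragma": "no-cache"},
}

if __name__ == "__main__":
    for path, hdrs in SAMPLES.items():
        print(path, may_cache(hdrs, NOW))
```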