Forward proxy / reverse proxy / transparent proxy / transparent mode

Source: Internet
Author: User

1, forward proxy: a server that sits between the client and the origin server. To obtain content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy then forwards the request to the origin server and returns the obtained content to the client. The client must make some special settings to use a forward proxy.

2, reverse proxy: the opposite. To the client it looks like the origin server, and the client does not need to make any special settings. The client sends a normal request for content in the reverse proxy's namespace; the reverse proxy then decides where (which origin server) to forward the request and returns the obtained content to the client as if it were its own.

3, the difference between the two
In terms of use:
A typical use of a forward proxy is to give LAN clients inside the firewall access to the Internet; a forward proxy can also use caching to reduce network usage.
A typical use of a reverse proxy is to give Internet users access to servers behind the firewall; a reverse proxy can also provide load balancing for multiple back-end servers or provide caching for slower back-end servers. In addition, a reverse proxy can enable advanced URL policies and management techniques so that web pages on different web server systems exist simultaneously under the same URL space.
From a security standpoint:
A forward proxy allows a client to access any website through it and hides the client itself, so you must take security measures to ensure that only authorized clients are served.
A reverse proxy is transparent to the outside; visitors do not know that they are accessing a proxy.

Squid is a forward/reverse proxy with both functions. It is commonly used as a LAN cache, in which case it acts as a forward proxy. Servers commonly put Squid in front as the front end, in which case it acts as a reverse proxy. Much other software can serve as a reverse proxy, such as Nginx and lighttpd, but these generally cannot act as a forward proxy.

4, transparent proxy (simple proxy): a transparent proxy means that the client does not need to know that a proxy server exists; it modifies your request fields (message) and transmits your real IP. Note that an encrypted transparent proxy is an anonymous proxy, meaning that you do not have to configure proxy use, as with the Garden 2 program.

How to use transparent proxies

Transparency in transparent proxy technology means that the client is not aware of the proxy and does not need to set any proxy in the browser; the client only needs to set the default gateway. The client's packets bound for the external network are sent to the default gateway, and the default gateway runs a proxy server. The data is actually redirected to the proxy port (such as 8080) of the proxy server; the local proxy server requests the required data and then copies it to the client. In theory, transparent proxying can work for any protocol.

In this case, however, the client must have its DNS server set correctly. Because the browser has no proxy configured, DNS queries must be resolved by the browser itself, so the client must have a correct DNS server set in its TCP/IP settings to complete DNS resolution.

The private network address range is 192.168.1.*; the client is 192.168.1.100 and the firewall machine's network card is 192.168.1.1. The transparent web proxy is installed on the firewall machine and configured on port 8080. The kernel uses iptables to redirect connections arriving at the firewall for port 80 to the proxy service.
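The redirect for this layout, written out as an added example (not part of the original article). The interface name eth1 is an assumption, and the exclusion of the firewall's own address plus the two INPUT rules that keep port 8080 reachable from the LAN only are additions beyond the single redirect the text describes.

```shell
#!/bin/sh
# Added example: transparent interception rules for the layout described above.
# Assumption (not from the article): the LAN-facing NIC is called eth1.

LAN_IF="${LAN_IF:-eth1}"   # assumed name of the NIC that holds 192.168.1.1
LAN_NET="192.168.1.0/24"   # the private network 192.168.1.*
FW_IP="192.168.1.1"        # firewall machine's LAN address
PROXY_PORT="8080"          # port the transparent web proxy listens on

# Print the iptables commands, one per line, without executing them.
proxy_rules() {
    # Redirect LAN clients' outbound HTTP to the local proxy. Traffic addressed
    # to the firewall itself is left alone, and only the LAN interface and LAN
    # source range match, so outside hosts are never steered into the proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $FW_IP -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
    # Redirected packets reach INPUT with destination port 8080:
    # accept them from the LAN only and drop everything else.
    echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $PROXY_PORT -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $PROXY_PORT -j DROP"
}

# Dry run by default: print the rules. With APPLY=1 (as root) each rule is
# executed in order and the loop stops at the first one that fails.
apply_rules() {
    proxy_rules | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule || exit 1
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

The proxy listening on 8080 has to be set up for intercepted traffic, because redirected requests arrive as ordinary origin-server requests carrying a Host header rather than as explicit proxy requests.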

5, transparent mode: a firewall in transparent mode is like a network bridge (a non-transparent firewall is like a router). Network devices (including hosts, routers, workstations, etc.) and all computer settings (including IP addresses and gateways) need not be changed, and all packets passing through it are parsed, which increases the security of the network and also reduces the complexity of user management.

When the firewall uses transparent proxy technology, these proxy services are also transparent to the user: the user is not aware that the firewall exists, yet internal and external network communication still works. When internal users need to access external resources through a transparent proxy, they do not need to configure anything; the proxy server establishes a transparent channel so that users appear to communicate directly with the outside world, which greatly simplifies use. With an ordinary proxy server, each user has to indicate in the client program that they want to use the proxy and set the proxy parameters (such as a special setting in the browser for an HTTP or FTP proxy). With a transparent proxy service, users can use the proxy server without any settings, which simplifies network setup.

The principle of the transparent proxy is as follows. Suppose A is an internal network client, B is an external network server, and C is the firewall. When A connects to B, the TCP connection request is intercepted and monitored by the firewall. When the firewall finds that the connection needs to use the proxy server, a connection between A and C is established first, and then the firewall sets up the corresponding proxy service channel to connect to target B, thereby establishing the data transmission path between A and target address B through the proxy server. From the user's point of view, the connection between A and B is direct, whereas A is actually connected to B through proxy server C. Conversely, the principle is the same when B makes a connection request to A. Since these connections are set up automatically, the client does not need to configure the proxy server manually, and the user is not even aware that the proxy server exists; it is therefore transparent to the user.

Both transparent proxy and transparent mode can simplify firewall configuration and improve the security of the system. But there is a fundamental difference between the two: a firewall working in transparent mode uses transparent proxy technology, but transparent proxying is not the whole of transparent mode, and a firewall can use transparent proxies in non-transparent mode.

Source: http://blog.jyrxw.com/index.php?q=node/77
