Graphical forward proxy, reverse proxy, transparent proxy

Original works, allow reprint, please be sure to use hyperlinks in the form of the original source of the article, author information and this statement. Otherwise, the legal liability will be investigated. http://z00w00.blog.51cto.com/515114/1031287

In the case of Cologne martial arts, agency service technology is a very old technology, is the use of technology in the early days of the Internet. The general way to implement agent technology is to install agent service software on the server, so that it becomes a proxy server, so as to implement agent technology. Commonly used agent technology is divided into forward agent, reverse proxy and transparent proxy. This article is aimed at these three kinds of agents to explain some basic principles and specific scope of application, so that we can better understand the agency service technology.

First, forward Proxy (Forward Proxy)

In General, if not specifically stated, the proxy technology by default is the forward proxy technology. The concept of a forward proxy is as follows: the forward proxy (forward) is a server "proxy z" between the client "User A" and the original server (origin server) "Server B", in order to obtain the content from the original server. User A sends a request to Proxy server z and specifies the target (server B), and then proxy server Z forwards the request to Server B and returns the obtained content to the client. The client must make some special settings to use the forward proxy. such as 1.1

(Fig. 1.1)

From the above concept, we see that the so-called forward proxy is the proxy server instead of the access "User A" to access the target server "Server B"

This is the meaning of the forward proxy. And why use proxy server instead of "User a" to access Server B? This should start with the meaning of the proxy server usage.

The following are the main functions of using a forward proxy server:

1. Access Server B, such as 1.2, that cannot be accessed

(Figure 1.2) We are removing the complex network routing plot to look at figure 1.2, assuming that the router in the diagram is named R1,r2 from left to right , assuming that the initial user A to access Server B needs to go through the R1 and R2 routers such a routing node, If router R1 or router R2 fails, then Server B cannot be accessed. However, if User a lets proxy server z go instead of accessing Server B, because proxy z is not in the router R1 or R2 node, but instead accesses server B through other routing nodes, user A can get the data for Server B. The Real example is "FQ". However, since VPN technology is widely used, "FQ" not only uses the traditional forward proxy technology, but also uses the VPN technology .

2. Speed up access to Server B

This argument is not as popular as it used to be, mainly the rapid development of bandwidth traffic. In the early forward proxy, many people use the forward proxy to speed up. or 1.2 ?assume that the userAto the serverB, afterR1Routers andR2routers, andR1to theR2the link to the router is a low-bandwidth link. and the userAto the proxy serverZ, from the proxy serverZto the serverBare high-bandwidth links. Then it's obvious that you can speed up access to the serverBup.

3. Cache function
Cache(caching) technology and proxy service technologies are tightly linked (not just forward proxies, but reverse proxies also useCache(caching) technology. Also as shown, if the userAAccess ServerBa dataJbefore, someone already passed the proxy serverZaccess to a serverBthe DataJ, then the proxy serverZwill put the dataJsave for a while if someone happens to take that dataJ, then the proxy serverZno longer accessing the serverBwhile putting the cached dataJsend directly to usersA. This technology isCacheThe term is calledCachehit. If there are more user-likeAusers to access the proxy serverZ, these users can go directly from the proxy serverZget data inJ, instead of going all the way to the serverBDownload the data.

Span style= "Font-size:medium" > 4, client access authorization
this content is still more used today, for example, some companies adopt isa SERVER To authorize the user to access the Internet as a forward proxy server, creases 1.3  

(Figure 1.3) Figure 1.3 The firewall acts as a gateway to filter access to the extranet. Assuming that both user A and User B have a proxy server, user A allows access to the Internet, and User B does not allow access to the Internet (this is limited on proxy server z) so that user A is authorized to access server B through a proxy server, and User B is not authorized by proxy Server Z, So when you access server B, the packets are discarded directly.

5, hide the whereabouts of visitors

as 1.4 We can see that server B does not know that accessing itself is actually user Abecause the proxy server Z instead of users A go directly to the server B to interact. If the proxy server Z is fully controlled (or not fully controlled) by user A, it will be used in the term "broiler".  (Figure 1.4)

  We summarize that the forward proxy is a server between the client and the original server (Origin server), in order to get the content from the original server, the client sends a request to the agent and specifies the target (the original server). The agent then forwards the request to the original server and returns the obtained content to the client. The client must set up a forward proxy server, if you know the IP address of the forward proxy and the port of the agent.

II, reverse proxy ( reverse proxy )
The reverse proxy is exactly the opposite of the forward proxy, which is like the original server for the client, and the client does not need to make any special settings. Client to reverse proxy namespace Send a normal request, and then the reverse proxy will determine where to ( original server transfer the request and return the obtained content to the client.  

1. Protect and hide raw resource servers such as 2.1

(Figure 2.1)

Span style= "Font-size:medium" >

user a Always think that it accesses the original server b instead of proxy server Z , but the practical reverse proxy server accepts the user A to get the user from the original resource server b a and then sent to the user a . Because of the firewall, only proxy server z Access Raw resource server b . Although in this virtual environment, the common role of firewalls and reverse proxies protects the original resource server b , but the user A not aware.

2, load Balancing such as 2.2

(Figure 2.2)

when the reverse proxy server is more than one, we can even make them into clusters, when more users access the resource server B , let the different proxy server Z(x) answer different users, and then send the resources required by different users.

of course, the reverse proxy server has the same as a forward proxy server The role of the cache, which can cache the resources of the original resource server B, instead of having to request data to RAW resource Server B every time , especially some static data, than slices and files, if these reverse proxy servers are able to do and user X from the same network, then the user X to access the reverse proxy server x, you get a high-quality speed. This is the core of CDN technology. such as 2.3

(Figure 2.3)

we're not explaining . CDN, so remove the most critical core technology for CDN Smart DNS. Just demonstrating that CDN technology is actually using the reverse proxy principle is the block.

The reverse proxy conclusion is the opposite of the forward proxy, which is like the original server for the client, and the client does not need to make any special settings. The client sends a normal request to the content in the reverse proxy's namespace (name-space) , and then the reverse proxy determines where (the originating server ) forwards the request and returns the obtained content to the client. It's like this is what it is.

Basically, the internet to do a lot of positive and negative agents, can do a positive proxy software most can also do reverse proxy. The most popular in open source software issQuid, you can do the forward proxy, there are many people used to do reverse proxy front-end server. AlsoMS ISAcan also be used inWindowsplatform to do the forward proxy. The main practice in reverse proxy isWebservice, the hottest thing in recent yearsNginxup. Someone on the internet saidNginxIt is not right to be a forward agent. NginxYou can also do a forward proxy, but with fewer people. Third, transparent agent

If the forward agent, reverse proxy and transparent agent according to the human blood relationship to divide. Then the forward proxy and transparent proxy is very obvious, and the forward proxy and reverse proxy is a cousin relationship .
The transparent proxy means that the client does not need to know the existence of a proxy server, it adapts your requestfields andtransmits the real IP. Note that encrypted transparent proxies are anonymous proxies, meaning that you do not have to use proxies. examples of transparent proxy practices are the behavior management software used by many companies nowadays. such as 3.1 (Figure 3.1)

User A and user B do not know that the behavior Management device acts as a transparent proxy, and when user a or user B submits a request to server a or server b , The transparent proxy device intercepts and modifies the message of User a or B according to its own policy and, as the actual requester, sends a request to server a or b , when the receiving information is returned, The transparent proxy then sends the allowed message back to user a or B according to its own settings, forexample, if the transparent proxy setting does not allow access to server b, then user a or user B you won't get the server B 's data.

Plot forward proxy, reverse proxy, transparent proxy