Original work. Reprinting is permitted, provided the original source of the article, the author information and this statement are given as a hyperlink; otherwise legal liability will be pursued. http://z00w00.blog.51cto.com/515114/1031287
To borrow the style of Gu Long's martial-arts novels: proxy service technology is a very old technology, one that has been in use since the early days of the Internet. The usual way to implement it is to install proxy service software on a server so that the server becomes a proxy server. Commonly used proxy technology is divided into the forward proxy, the reverse proxy and the transparent proxy. This article explains the basic principles and the specific scope of application of each of these three kinds of proxy, so that the technology can be better understood.
First, the forward proxy (Forward Proxy)
In general, unless otherwise stated, "proxy technology" means forward proxy technology. The concept is as follows: a forward proxy is a server, "Proxy Z", that sits between the client, "User A", and the origin server, "Server B", and is used to obtain content from the origin server. User A sends a request to proxy server Z and specifies the target (Server B); proxy server Z then forwards the request to Server B and returns the content it obtains to the client. The client must make some special settings in order to use a forward proxy. See Figure 1.1.
(Fig. 1.1)
From the concept above we can see that a forward proxy is a proxy server that accesses the target server, "Server B", in place of the visitor, "User A". This is the meaning of the forward proxy. And why use a proxy server to access Server B in place of User A? The answer starts with what a proxy server is used for.
The following are the main functions of using a forward proxy server:
1. Access a Server B that cannot otherwise be accessed (see Figure 1.2)
(Figure 1.2)
Consider the network routing scenario in Figure 1.2, and assume the routers in the diagram are named R1 and R2 from left to right. Suppose User A originally has to pass through routing nodes such as routers R1 and R2 to reach Server B; if router R1 or router R2 fails, Server B cannot be accessed. However, if User A lets proxy server Z access Server B on its behalf, then, because proxy server Z is not behind router R1 or R2 and reaches Server B through other routing nodes, User A can still get Server B's data. A real-world example is "FQ". However, since VPN technology has come into wide use, "FQ" is no longer done only with traditional forward proxy technology; some of it uses VPN technology as well.
2. Speed up access to Server B
This argument is not as popular as it used to be, mainly because of the rapid growth in bandwidth. In the early days, many people used a forward proxy to speed things up. Refer again to Figure 1.2: assume that the path from User A to Server B passes through routers R1 and R2, and that the link from R1 to R2 is a low-bandwidth link, while the links from User A to proxy server Z and from proxy server Z to Server B are both high-bandwidth links. Then it is obvious that access to Server B can be sped up.
3. Cache function
Cache (caching) technology and proxy service technology are closely linked (not just forward proxies; reverse proxies also use caching). As shown in the figure above, if, before User A accesses some data J on Server B, someone has already accessed data J on Server B through proxy server Z, then proxy server Z keeps data J for a period of time. If someone else happens to request data J, proxy server Z no longer accesses Server B and instead sends the cached data J directly to User A. In caching terminology this is called a cache hit. If more users like User A access proxy server Z, they can get data J directly from proxy server Z instead of going all the way to Server B to download it.
4. Client Access Authorization
This function is still widely used today. For example, some companies use ISA Server as a forward proxy server to authorize users' access to the Internet; see Figure 1.3.
(Figure 1.3)
In Figure 1.3 the firewall acts as a gateway and filters access from the external network. Assume that both User A and User B are set up to use the proxy server, that User A is allowed to access the Internet and that User B is not (this restriction is configured on proxy server Z). User A is then authorized and can access Server B through the proxy server, while User B is not authorized by proxy server Z, so when User B tries to access Server B its packets are simply discarded.
5. Hide the whereabouts of the visitor
As Figure 1.4 shows, Server B does not know that the one actually accessing it is User A, because proxy server Z interacts with Server B directly in place of User A. If proxy server Z is fully controlled (or not fully controlled) by User A, it is what the jargon calls a "broiler" (slang for a compromised host).
(Figure 1.4)
To summarize: a forward proxy is a server that sits between the client and the origin server. To get content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy then forwards the request to the origin server and returns the content it obtains to the client. The client must be set up to use the forward proxy server, which of course presupposes knowing the forward proxy server's IP address and the proxy program's port.
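The cache hit (function 3) and client access authorization (function 4) described above, as an added Python sketch that is not part of the original article: a toy proxy Z that checks the client against its allow list before it looks in the cache, so an unauthorized User B cannot receive data J just because it is already cached. The class and function names, the TTL, the URL and the 403 status standing in for the discarded packets are assumptions made for the illustration.

```python
import time

class ForwardProxy:
    """Toy model of proxy server Z: per-client authorization, then a TTL cache."""

    def __init__(self, fetch_origin, allowed_clients, ttl=60.0, clock=time.monotonic):
        self.fetch_origin = fetch_origin      # callable(url) -> bytes, stands in for Server B
        self.allowed = set(allowed_clients)   # clients granted Internet access on Z
        self.ttl = ttl                        # seconds a cached copy stays valid
        self.clock = clock                    # injectable so the demo needs no sleeping
        self.cache = {}                       # url -> (expiry time, body)

    def handle(self, client, url):
        """Return (status, body, cache_state) for one client request."""
        # Authorization comes first: a cached copy must never be served
        # to a client that the policy on Z does not allow out.
        if client not in self.allowed:
            return 403, b"", "DENIED"         # assumption: 403 models the dropped request
        now = self.clock()
        entry = self.cache.get(url)
        if entry and entry[0] > now:
            return 200, entry[1], "HIT"       # served without contacting Server B
        body = self.fetch_origin(url)
        self.cache[url] = (now + self.ttl, body)
        return 200, body, "MISS"


def demo():
    """Run a constructed scenario; return the cache states and the origin fetch count."""
    origin_hits = []
    fake_time = [0.0]

    def server_b(url):                        # constructed origin, no network I/O
        origin_hits.append(url)
        return b"data J"

    z = ForwardProxy(server_b, {"user_a", "user_c"}, ttl=60.0, clock=lambda: fake_time[0])
    url = "http://server-b.example/J"         # constructed URL
    states = [z.handle("user_c", url)[2]]     # someone fetches data J first
    states.append(z.handle("user_a", url)[2]) # User A asks for the same data J
    states.append(z.handle("user_b", url)[2]) # User B is not authorized on Z
    fake_time[0] = 61.0                       # the cached entry has now expired
    states.append(z.handle("user_a", url)[2])
    return states, len(origin_hits)
```
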
Second, the reverse proxy (Reverse Proxy)
The reverse proxy is exactly the opposite of the forward proxy: to the client it looks like the origin server, and the client does not need to make any special settings. The client sends an ordinary request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (which origin server) to forward the request and returns the content it obtains to the client. The uses of a reverse proxy server are as follows:
1. Protect and hide the origin resource server (see Figure 2.1)
(Figure 2.1)
User A always believes that it is accessing origin server B rather than proxy server Z, but in practice the reverse proxy server accepts User A's request, gets the resource User A needs from origin resource server B, and then sends it to User A. Because of the firewall, only proxy server Z is allowed to access origin resource server B, but User A does not know this.
2. Load balancing (see Figure 2.2)
(Figure 2.2)
When there is more than one reverse proxy server, we can even build them into a cluster. When many users access resource server B, different proxy servers Z(x) answer different users and send each user the resources it needs.
Of course, a reverse proxy server has the same caching role as a forward proxy server: it can cache the resources of origin resource server B instead of requesting the data from origin resource server B every time, especially static data such as images and files. If these reverse proxy servers can be placed in the same network as User X, then User X gets high-quality speed when accessing reverse proxy server X. This is the core of CDN technology. See Figure 2.3.
(Figure 2.3)
We are not explaining CDNs here, so the figure leaves out the CDN's most critical core technology, smart DNS. It only demonstrates that CDN technology in fact makes use of the reverse proxy principle.
To conclude, the reverse proxy is the opposite of the forward proxy: to the client it looks like the origin server, and the client does not need to make any special settings. The client sends an ordinary request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (which origin server) to forward the request and returns the content it obtains to the client. That is all there is to it.
Basically, there is a lot of software on the Internet for forward and reverse proxying, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open-source software is Squid, which can act as a forward proxy; many people also use it as a reverse-proxy front-end server. In addition, MS ISA can be used as a forward proxy on the Windows platform. The most important use of the reverse proxy is for web services, and the most popular software in recent years is Nginx. Some people on the Internet say that Nginx cannot act as a forward proxy; in fact that is wrong. Nginx can also be a forward proxy, but fewer people use it that way.
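How the difference between the forward and reverse proxy summaries above shows up in the HTTP request line, as an added Python example (not code from the original article or from Squid or Nginx): a forward proxy reads the origin out of the request target the client sent, while a reverse proxy receives an ordinary request and picks the origin from its own routing table. The function names, hostnames and backend addresses are constructed for the illustration.

```python
from urllib.parse import urlsplit

def forward_proxy_target(request_line):
    """Forward proxy: the client names the origin server in the request itself."""
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":                   # authority-form, e.g. "server-b.example:443"
        host, _, port = target.rpartition(":")
        return host, int(port)
    parts = urlsplit(target)                  # absolute-form, e.g. "http://server-b.example/J"
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("not a proxy request: " + target)
    return parts.hostname, parts.port or 80


# Constructed routing table: the reverse proxy's namespace mapped to origin
# servers that only the proxy can reach (placeholder private addresses).
ROUTES = {
    ("www.example.com", "/static/"): ("10.0.0.11", 8080),
    ("www.example.com", "/"):        ("10.0.0.10", 8080),
}

def reverse_proxy_target(request_line, host_header, routes=ROUTES):
    """Reverse proxy: the client sends an ordinary origin-form request and the
    proxy chooses the origin server by the longest matching path prefix."""
    _method, path, _version = request_line.split(" ", 2)
    if not path.startswith("/"):
        # This toy router only handles origin-form targets such as "/index.html".
        raise ValueError("expected origin-form target, got: " + path)
    host = host_header.split(":")[0].lower()
    candidates = [(prefix, backend) for (h, prefix), backend in routes.items()
                  if h == host and path.startswith(prefix)]
    if not candidates:
        raise LookupError("no route for %s%s" % (host, path))
    return max(candidates, key=lambda c: len(c[0]))[1]
```
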
Third, the transparent proxy
If the forward proxy, the reverse proxy and the transparent proxy were classified by human kinship, the kinship between the forward proxy and the transparent proxy would be very obvious, while the forward proxy and the reverse proxy would be cousins.
A transparent proxy means that the client does not need to know that a proxy server exists at all. It rewrites your request fields and transmits the real IP. Note that an encrypted transparent proxy counts as an anonymous proxy, meaning that you do not have to configure the use of a proxy. A practical example of transparent proxying is the behavior management software that many companies use nowadays; see Figure 3.1.
(Figure 3.1)
User A and User B do not know that the behavior management device is acting as a transparent proxy. When User A or User B submits a request to Server A or Server B, the transparent proxy device intercepts the message from User A or B, modifies it according to its own policy, and sends the request to Server A or B as the actual requester. When the response comes back, the transparent proxy sends the permitted messages back to User A or B according to its own settings. For example, if the transparent proxy is configured not to allow access to Server B, then User A and User B will not get Server B's data.
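An added Python example, not from the original article, of the "transmits the real IP" behaviour and of what the receiving server should do with it: the proxy side rewrites the request fields, and the server side accepts the forwarded address only when the connection comes from a proxy it knows. The `X-Forwarded-For` and `Via` header names are the conventional ones and are not named in the article; the function names and all addresses are constructed.

```python
import ipaddress

def _xff(headers):
    """Case-insensitive lookup of the forwarded-address field ('' if absent)."""
    return next((v for k, v in headers.items() if k.lower() == "x-forwarded-for"), "")

def proxy_forward_headers(headers, client_ip, mode, proxy_name="proxy-z"):
    """Rewrite the request fields as the proxy would before contacting the server.
    mode 'transparent' passes on the real client IP; 'anonymous' withholds it."""
    out = {k: v for k, v in headers.items() if k.lower() != "x-forwarded-for"}
    out["Via"] = "1.1 " + proxy_name          # hypothetical proxy name
    if mode == "transparent":
        prior = _xff(headers)
        out["X-Forwarded-For"] = (prior + ", " if prior else "") + client_ip
    return out

def client_ip_seen_by_server(headers, peer_ip, trusted_proxies):
    """Server side: believe the forwarded address only when the TCP peer is a
    known proxy, and walk the list right to left past other trusted proxies."""
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in net for net in trusted)

    if not is_trusted(peer_ip):
        return peer_ip                        # field is client-controlled: ignore it
    hops = [h.strip() for h in _xff(headers).split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop                    # first address not added by our own proxies
        except ValueError:
            break                             # malformed entry: stop trusting the chain
    return peer_ip
```
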
Forward proxy, reverse proxy and transparent proxy, illustrated