Graphical forward proxy, reverse proxy, transparent proxy

Source: Internet
Author: User

Original work. Reprints are allowed, but please be sure to mark the article's original source, author information and this statement in the form of a hyperlink. Otherwise, legal liability will be pursued. http://z00w00.blog.51cto.com/515114/1031287

To put it in the manner of a Gu Long martial-arts novel, proxy service technology is a very old technology, one that was already in use in the early days of the Internet. The usual way to implement it is to install proxy service software on a server so that the server becomes a proxy server. Commonly used proxy technology is divided into forward proxy, reverse proxy and transparent proxy. This article explains the basic principles and the specific scope of application of these three kinds of proxy, so that we can better understand proxy service technology.


First, the forward proxy

In general, unless otherwise stated, "proxy" means a forward proxy by default. The concept is as follows: a forward proxy is a server, "Proxy Z", that sits between the client "User A" and the origin server "Server B" in order to obtain content from the origin server. User A sends a request to Proxy Z and specifies the target (Server B); Proxy Z then forwards the request to Server B and returns the obtained content to the client. The client must make some special settings to use a forward proxy, as shown in Figure 1.1.

(Fig. 1.1)



From this concept we can see that a forward proxy is a proxy server that accesses the target server "Server B" in place of the visitor "User A".

This is the meaning of a forward proxy. Why use a proxy server to access Server B instead of having User A do so directly? The answer starts with what a proxy server is used for.



The main functions of a forward proxy server are the following:

1. Access a Server B that could not otherwise be reached, as shown in Figure 1.2

(Fig. 1.2)

Setting aside the complexities of network routing, look at Figure 1.2. Name the routers in the diagram R1 and R2 from left to right, and assume that User A normally has to pass through routers R1 and R2 to reach Server B. If router R1 or router R2 fails, User A cannot access Server B. However, if User A lets Proxy Z access Server B on its behalf, then because Proxy Z does not sit behind R1 or R2 and reaches Server B through other routing nodes, User A can still get Server B's data. The real-world example is "FQ". However, now that VPN technology is widely used, "FQ" uses not only traditional forward proxy technology but also VPN technology.

2. Speed up access to Server B

This use is less popular than it used to be, mainly because bandwidth has grown so quickly. In the early days many people used a forward proxy to gain speed. Again in Figure 1.2, assume that User A reaches Server B through routers R1 and R2 and that the link from R1 to R2 is a low-bandwidth link, while the links from User A to Proxy Z and from Proxy Z to Server B are high-bandwidth links. Then going through the proxy clearly speeds up access to Server B.

3. Cache function

Cache technology and proxy service technology are closely related (not only forward proxies; reverse proxies use cache technology too). As the figure shows, if data J was already fetched through Proxy Z before User A requests data J from Server B, Proxy Z keeps data J for a period of time. If someone then requests data J, Proxy Z does not access Server B again and sends the cached data J directly to User A. In caching terminology this is called a cache hit. If more users like User A access Proxy Z, they can all get data J directly from Proxy Z instead of downloading it from Server B.

4. Client access authorization

This function is still widely used today. For example, some companies use ISA Server as a forward proxy server to authorize users' access to the Internet, as shown in Figure 1.3.

(Fig. 1.3)

In Figure 1.3 the firewall acts as the gateway and filters access to the external network. Assume that both User A and User B have the proxy server configured, that User A is allowed to access the Internet and that User B is not (the restriction is set on Proxy Z). User A, being authorized, can access Server B through the proxy server, while User B is not authorized by Proxy Z, so when User B tries to access Server B the packets are simply discarded.

5. Hide the visitor's whereabouts

As Figure 1.4 shows, Server B does not know that the one actually accessing it is User A, because Proxy Z interacts directly with Server B in place of User A. If Proxy Z is fully controlled (or not fully controlled) by User A, it is what the jargon calls a "broiler" (slang for a compromised machine).

(Fig. 1.4)

To summarize: a forward proxy is a server located between the client and the origin server. To obtain content from the origin server, the client sends a request to the proxy and specifies the target (the origin server). The proxy then forwards the request to the origin server and returns the obtained content to the client. The client must be configured to use the forward proxy, which requires knowing the forward proxy's IP address and the port of the proxy service.
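Functions 3, 4 and 5 can be followed in a small model of Proxy Z. This is an added example, not code from the original article; the class, the client names (including a second authorized user, "user-c") and the URL are constructed, and Server B is a local stub so the block runs offline.

```python
import time

class ForwardProxy:
    """Toy model of Proxy Z: per-client authorization, TTL cache, origin fetch."""

    def __init__(self, address, allowed_clients, fetch_origin, ttl=60.0,
                 clock=time.monotonic):
        self.address = address                # the source address Server B sees
        self.allowed = set(allowed_clients)   # function 4: who may go out
        self.fetch_origin = fetch_origin      # callable(source_addr, url) -> bytes
        self.ttl = ttl
        self.clock = clock
        self.cache = {}                       # url -> (expiry_time, body)

    def handle(self, client, url):
        """Return (status, body, cache_state) for one client request."""
        # Authorize before touching the cache, otherwise a denied user could
        # still read content that an allowed user caused to be cached.
        if client not in self.allowed:
            return 403, b"", "DENIED"
        now = self.clock()
        entry = self.cache.get(url)
        if entry and entry[0] > now:
            return 200, entry[1], "HIT"       # function 3: Server B is not contacted
        body = self.fetch_origin(self.address, url)  # function 5: B sees Z, not A
        self.cache[url] = (now + self.ttl, body)
        return 200, body, "MISS"

def demo():
    seen_by_server_b = []                     # constructed access log of Server B

    def server_b(source_addr, url):
        seen_by_server_b.append((source_addr, url))
        return b"data J"

    now = [0.0]                               # fake clock so expiry is deterministic
    z = ForwardProxy("proxy-z", {"user-a", "user-c"}, server_b,
                     ttl=60, clock=lambda: now[0])
    url = "http://server-b/j"
    results = [z.handle("user-a", url),       # MISS: first fetch of data J
               z.handle("user-c", url),       # HIT: served from Proxy Z
               z.handle("user-b", url)]       # DENIED: never reaches Server B
    now[0] = 61.0                             # cached copy of data J has expired
    results.append(z.handle("user-a", url))   # MISS again
    return results, seen_by_server_b

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Server B's log contains only the proxy's address, which is why audit trails for who requested what have to be kept on the proxy itself.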

Second, the reverse proxy

A reverse proxy is exactly the opposite of a forward proxy: to the client it looks like the origin server, and the client does not need any special settings. The client sends an ordinary request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (to which origin server) to forward the request and returns the obtained content to the client. The uses of a reverse proxy server are as follows:

1. Protect and hide the origin resource server, as shown in Figure 2.1

(Fig. 2.1)



User A always believes that it is accessing the origin Server B rather than Proxy Z, but in fact the reverse proxy server receives User A's request, fetches the resource User A needs from origin Server B, and sends it to User A. Because of the firewall, only Proxy Z is allowed to access origin Server B. In this setup the firewall and the reverse proxy together protect origin Server B, yet User A is unaware of it.

2. Load balancing, as shown in Figure 2.2

(Fig. 2.2)





When there is more than one reverse proxy server, they can even be made into a cluster. When many users access resource Server B, different proxy servers Z(x) answer different users and send each of them the resources it needs.



Of course, a reverse proxy server, like a forward proxy server, also acts as a cache: it can cache the resources of origin Server B instead of requesting the data from Server B every time, especially static data such as images and files. If these reverse proxy servers are on the same network as User X, then User X gets high-quality speed by accessing reverse proxy server X. This is the core of CDN technology, as shown in Figure 2.3.





(Fig. 2.3)





We are not explaining CDNs here, so the figure leaves out the CDN's most critical core technology, smart DNS. It only demonstrates that CDN technology in fact uses the reverse proxy principle.



To conclude: a reverse proxy is the opposite of a forward proxy. To the client it looks like the origin server, and the client does not need any special settings. The client sends an ordinary request for content in the reverse proxy's namespace (name-space); the reverse proxy then decides where (to which origin server) to forward the request and returns the obtained content to the client, as if the content were its own.

There is plenty of software on the Internet for forward and reverse proxying, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open source software is Squid, which can act as a forward proxy and which many people also use as a reverse-proxy front-end server. In addition, MS ISA can be used as a forward proxy on the Windows platform. The most important application of reverse proxying is web services, and the most popular software in recent years is nginx. Some people on the Internet say that nginx cannot act as a forward proxy; that is wrong. Nginx can also be a forward proxy, but fewer people use it that way.

Third, the transparent proxy

If we classified the forward proxy, the reverse proxy and the transparent proxy the way we classify human blood relations, the forward proxy and the transparent proxy would obviously be closely related, while the forward proxy and the reverse proxy would be cousins.

A transparent proxy means that the client does not need to know that a proxy server exists at all. It adapts your request fields and transmits the real IP. Note that an encrypted transparent proxy counts as an anonymous proxy, meaning that you do not have to configure the use of a proxy. A practical example of a transparent proxy is the behavior management software that many companies use nowadays, as shown in Figure 3.1.

(Fig. 3.1)

User A and User B do not know that the behavior management device acts as a transparent proxy. When User A or User B submits a request to Server A or Server B, the transparent proxy device intercepts the message and modifies it according to its policy and then, as the actual requester, sends the request to Server A or Server B. When the response comes back, the transparent proxy sends the permitted content back to User A or User B according to its own settings. For example, if the transparent proxy is set not to allow access to Server B, then User A and User B will not get any data from Server B.
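The three roles differ in what arrives at the proxy, which is how a proxy or someone reading its logs can tell them apart. The sketch below is an added example, not code from the original article; the host names, the 192.0.2.10 address and the function names are constructed, and it handles plain host names and IPv4 addresses only.

```python
def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def classify(raw: bytes, own_names):
    """Which proxy role does a request arriving at Proxy Z imply?"""
    method, target, headers = parse_request(raw)
    # A client configured to use Z names the target itself: CONNECT host:port
    # or an absolute URL in the request line.
    if method == "CONNECT" or "://" in target:
        return "forward"
    host = headers.get("host", "").split(":")[0].lower()  # assumption: no IPv6 literal
    if host in own_names:
        return "reverse"      # ordinary request for a name in Z's own namespace
    return "transparent"      # ordinary request meant for someone else, intercepted

def rewrite_for_upstream(headers, client_ip, proxy_name):
    """What a non-anonymous proxy adds before forwarding: the real IP and itself."""
    out = dict(headers)
    prior = out.get("x-forwarded-for")
    out["x-forwarded-for"] = f"{prior}, {client_ip}" if prior else client_ip
    via = out.get("via")
    out["via"] = f"{via}, 1.1 {proxy_name}" if via else f"1.1 {proxy_name}"
    return out

# Constructed sample requests as they would arrive at Proxy Z.
OWN = {"www.example.com"}
FORWARD_REQ = b"GET http://server-b.example/j HTTP/1.1\r\nHost: server-b.example\r\n\r\n"
CONNECT_REQ = b"CONNECT server-b.example:443 HTTP/1.1\r\nHost: server-b.example:443\r\n\r\n"
REVERSE_REQ = b"GET /j HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRANSPARENT_REQ = b"GET /j HTTP/1.1\r\nHost: server-b.example\r\n\r\n"

def demo():
    reqs = (FORWARD_REQ, CONNECT_REQ, REVERSE_REQ, TRANSPARENT_REQ)
    return [classify(r, OWN) for r in reqs]

if __name__ == "__main__":
    print(demo())
    print(rewrite_for_upstream(parse_request(TRANSPARENT_REQ)[2], "192.0.2.10", "proxy-z"))
```

A server that receives `X-Forwarded-For` should trust only the entries appended by proxies it knows, since a client can send the header itself.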
