Introduction to reverse Proxy

From: http://hi.baidu.com/xproduct/blog/item/c82aefdcf51a81a5cd116651.html Proxy Server is a very popular way to connect LAN hosts to the Internet, The use of proxy Internet can save scarce IP address resources, and can block external host access to the internal host, so that the intranet host from the external network host attack. 　　However, if you want the host on the Internet to access the intranet's host resources (for example, a Web site) and want to keep the intranet host from being attacked by an external network host, the general Proxy service cannot be implemented and needs to be implemented using a reverse proxy. This article describes in detail the concept of a reverse proxy service and how to leverage a reverse proxy server to improve the performance and security of your Web server.one. The concept of reverse proxyWhat is a reverse proxy? In fact, the reverse proxy is commonly referred to as the Web server acceleration, which is a way to reduce the load on the actual Web server by adding a high-speed web buffer server (that is, a Web reverse proxy server) between the busy Web server and the Internet. The typical structure is shown in the following illustration: Web server Acceleration (reverse proxy) is designed to provide accelerated functionality for Web servers. It acts as a proxy cache, but not for browser users, but for one or more specific Web servers (which is also the origin of the reverse proxy name). Implement a reverse proxy, as shown in the figure above, by simply placing the reverse proxy cache device on the front of one or more Web servers. When an Internet user accesses a Web server, the IP address that is resolved through the DNS server is the IP address of reverse proxy server, not the IP address of the original Web server, when the reverse proxy Server device acts as a Web server. The browser can connect to it without having to directly connect to the Web server. As a result, a large amount of Web service work is unloaded on the reverse proxy service. Not only can prevent the external network host direct communication with the Web server security risks, but also can greatly reduce the burden on the Web server, improve access speed.two. Comparison of reverse proxies and other proxiesThe following is a simple comparison of several typical proxy services. There are three kinds of proxy servers common on the network: 1. Standard proxy buffering Server A standard proxy buffering service is used to cache static Web pages (for example, HTML files and picture files, and so on) to a host on a local network (that is, a proxy server). When a cached page is accessed for a second time, the browser will get the request data directly from the local proxy server and no longer request data from the original web site. This saves valuable network bandwidth and increases the speed of access. However, to implement this approach, you must explicitly indicate the IP address and port number of the proxy server on each internal host's browser. When the client is online, the request is sent to the proxy server each time, and the proxy server determines whether to connect to the remote Web server to obtain the data on request. If there is a destination file in the local buffer, the file is passed directly to the user. 　　If not, retrieve the file first, save a buffer locally, and then send the file to the client browser. 2. The transparent proxy buffering server has the same functionality as the transparent proxy buffering service and the standard proxy server. However, the proxy action is transparent to the client's browser (that is, it does not need to indicate the IP and port of the proxy server). The transparent proxy server blocks network traffic and filters out HTTP (80-port) traffic outside the access. If the client's request is buffered locally, the buffered data is sent directly to the user, and if there is no buffer locally, the request is made to the remote Web server, and the remaining operations are identical to the standard proxy server. For Linux operating systems, transparent proxies are implemented using Iptables or IPChains. 　　Because you do not need to make any settings for your browser, transparent proxies are especially useful for your ISP (Internet server provider). 3. Reverse proxy buffer Server Reverse proxy is a completely different agent service from the first two kinds of proxies. Use it to reduce the load on the original Web server. The reverse proxy server assumes a request for a static page of the original Web server to prevent overload of the original server. It is located between the local Web server and the Internet, handles all requests to the Web server, and blocks direct communication between the Web server and the Internet. If the page requested by the Internet user has a buffer on the proxy server, the proxy server sends the buffered content directly to the user. If there is no buffer, first make a request to the Web server, retrieve the data, and then send it to the user after the local cache. This approach reduces the load on the Web server by reducing the number of requests to the Web server.three. Working principle of Reverse proxy 　　The reverse proxy server is located between the local Web server and the Internet, as shown in the following illustration: When a user's browser makes an HTTP request, the request is directed to the reverse proxy server through domain name resolution (if you want to implement a reverse proxy for multiple Web servers, you need to point the domain names of multiple Web servers to the reverse proxy server). Requested by the reverse proxy server processor. Reverse proxies typically cache only buffered data (such as HTML pages and images), while some CGI scripts or programs such as ASP are not cached. It buffers the static page based on the HTTP header tag returned from the Web server. There are four most important HTTP header tags: last-modified: Tell the Reverse proxy page what time was modified Expires: Tell the Reverse proxy page what time should be removed from the buffer Cache-control: Tell the reverse proxy page should be buffered Pragma: Tell if the reverse proxy page should be buffered. For example, by default, the ASP page returns "Cache-control:private.", so the ASP page will not be cached in the reverse proxy server