The difference between a forward proxy, a reverse proxy, and a transparent proxy

Source: Internet
Author: User
Tags virtual environment

First, Forward Proxy

In general, unless stated otherwise, "proxy" means a forward proxy. The concept of a forward proxy is as follows:

A forward proxy is a server, "proxy Z", located between the client "User A" and the origin server "Server B". To obtain content from the origin server, User A sends a request to proxy server Z and specifies the target (Server B). Proxy server Z then forwards the request to Server B and returns the obtained content to the client. The client must make some special settings to use the forward proxy. See Figure 1.1.


(Fig. 1.1)

From the above concept, we see that a forward proxy is a proxy server that accesses the target server "Server B" on behalf of the visitor "User A".

This is the meaning of the forward proxy. Why use a proxy server to access Server B instead of having User A do so directly? To answer that, we start with what proxy servers are used for.

The following are the main functions of using a forward proxy server:

1. Access a Server B that is otherwise unreachable, as in Figure 1.2

(Fig. 1.2)

Setting aside the complex network routing details in Figure 1.2, call the routers in the diagram R1 and R2 from left to right. Suppose that User A's traffic to Server B originally has to pass through routing nodes such as R1 and R2; if router R1 or router R2 fails, Server B cannot be reached. However, if User A has proxy server Z access Server B on its behalf, then because proxy Z does not sit behind R1 or R2 but reaches Server B through other routing nodes, User A can still get Server B's data. The real-world example is "flipping the wall". However, now that VPN technology is widely used, "flipping the wall" relies not only on traditional forward proxy technology; some of it also uses VPN technology.

2. Speed up access to Server B

This argument is not as popular as it used to be, mainly because of the rapid growth of bandwidth. In the early days, many people used a forward proxy to speed up access. See Figure 1.2 again.

Suppose User A reaches Server B through routers R1 and R2, and the link from R1 to R2 is a low-bandwidth link, while the links from User A to proxy Z and from proxy server Z to Server B are high-bandwidth links. Then clearly access to Server B can be sped up.

3. Cache function

Cache (caching) technology and proxy service technology are tightly linked (not just forward proxies; reverse proxies also use caching). As also shown in the figure, if before User A accesses data J on Server B someone has already accessed data J on Server B through proxy server Z, then proxy server Z will keep data J for a while. If someone else then requests data J, proxy server Z no longer accesses Server B but sends the cached data J directly to User A. In cache terminology this is called a cache hit. If more users like User A access proxy server Z, they can get data J directly from proxy server Z instead of going all the way to Server B to download it.

4. Client Access Authorization

This function is still widely used today. For example, some companies use ISA Server as a forward proxy server to grant users access to the Internet, as in Figure 1.3.

(Figure 1.3)

In Figure 1.3 the firewall acts as a gateway that filters access to the external network. Assume that both User A and User B are configured to use the proxy server, that User A is allowed to access the Internet, and that User B is not (this restriction is set on proxy server Z). User A is then authorized to access Server B through the proxy server, while User B is not authorized by proxy server Z, so when User B tries to access Server B, the packets are discarded directly.

5. Hide the whereabouts of visitors

As Figure 1.4 shows, Server B does not know that the one accessing it is actually User A, because proxy server Z interacts directly with Server B in place of User A. If proxy server Z is fully controlled (or not fully controlled) by User A, it is what the slang term "broiler" refers to.
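Functions 3, 4 and 5 above (caching, client authorization, and hiding the visitor) can be modelled together. The following is an added example, not code from the original article; the class names, addresses and the 60-second lifetime are constructed for illustration.

```python
import time

class Origin:
    """Server B: records the address each request appeared to come from."""
    def __init__(self):
        self.seen_from = []

    def get(self, path, peer_addr):
        self.seen_from.append(peer_addr)
        return f"data for {path}"

class ForwardProxy:
    """Proxy Z: per-client authorization, a time-limited cache, requests in its own name."""
    def __init__(self, addr, origin, allowed_clients, ttl=60.0, clock=time.monotonic):
        self.addr, self.origin = addr, origin
        self.allowed = set(allowed_clients)
        self.ttl, self.clock = ttl, clock
        self.cache = {}   # path -> (expires_at, body)
        self.log = []     # (client, path, verdict): the only record tying a user to a request

    def fetch(self, client_addr, path):
        if client_addr not in self.allowed:            # function 4: authorization
            self.log.append((client_addr, path, "DENIED"))
            return None                                 # dropped at the proxy, B never sees it
        entry = self.cache.get(path)
        if entry and entry[0] > self.clock():           # function 3: cache hit
            self.log.append((client_addr, path, "HIT"))
            return entry[1]
        body = self.origin.get(path, peer_addr=self.addr)   # function 5: B only sees Z
        self.cache[path] = (self.clock() + self.ttl, body)
        self.log.append((client_addr, path, "MISS"))
        return body

def demo():
    now = [0.0]                                         # fake clock so the run is repeatable
    b = Origin()
    z = ForwardProxy("10.0.0.1", b, {"192.168.1.10", "192.168.1.12"},
                     ttl=60.0, clock=lambda: now[0])
    z.fetch("192.168.1.10", "/J")    # user A: miss, fetched from Server B
    z.fetch("192.168.1.12", "/J")    # another allowed user: served from the cache
    z.fetch("192.168.1.11", "/J")    # user B: not authorized on the proxy
    now[0] = 61.0
    z.fetch("192.168.1.10", "/J")    # cached copy expired: fetched again
    return [verdict for _, _, verdict in z.log], b.seen_from

if __name__ == "__main__":
    print(demo())
```

Server B's own record contains only the proxy's address, so attributing a request to a user depends entirely on the proxy's log.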

(Figure 1.4)

To summarize: a forward proxy is a server located between the client and the origin server. To obtain content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy forwards the request to the origin server and returns the obtained content to the client. The client must be set up to use the forward proxy server, which requires knowing the forward proxy's IP address and port.

Second, Reverse Proxy

The reverse proxy is exactly the opposite of the forward proxy: to the client it looks like the origin server, and the client does not need to make any special settings. The client sends a normal request for content in the reverse proxy's namespace, and the reverse proxy determines where (which origin server) to forward the request and returns the obtained content to the client.

The uses of a reverse proxy server are as follows:

1. Protect and hide the original resource server

See Figure 2.1.

(Figure 2.1)

User A always believes it is accessing the original server B rather than proxy server Z, but in fact the reverse proxy server accepts User A's request, fetches the resource User A needs from the original resource server B, and then sends it to User A. Because of the firewall, only proxy server Z is allowed to access the original resource server B. So in this virtual environment the combination of firewall and reverse proxy protects the original resource server B, yet User A is unaware of it.

2. Load Balancing

See Figure 2.2.

(Fig. 2.2)

When there is more than one reverse proxy server, we can even form them into a cluster. When more users access resource Server B, different proxy servers Z(x) answer different users and send each user the resources it needs.

Of course, a reverse proxy server, like a forward proxy server, also acts as a cache: it can cache the resources of the original resource Server B instead of requesting the data from Server B every time, especially static data such as images and files. If these reverse proxy servers are on the same network as user X, then user X gets high-quality speed when accessing reverse proxy server X. This is the core of CDN technology. See Figure 2.3.


(Fig. 2.3)

We are not explaining CDNs here, so the diagram leaves out the CDN's most critical core technology, smart DNS. It only demonstrates that CDN technology in fact uses the reverse proxy principle.

To conclude: the reverse proxy is the opposite of the forward proxy. To the client it looks like the origin server, and the client does not need to make any special settings. The client sends a normal request for content in the reverse proxy's namespace, and the reverse proxy then determines where (which origin server) to forward the request and returns the obtained content to the client, as if the content had been its own.
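The difference shows up in the request itself: toward a forward proxy the client names the target, while toward a reverse proxy it sends an ordinary request and the proxy chooses the origin. The following is an added example, not code from the original article; the host names, addresses and routing table are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed reverse-proxy routing table: (public name, path prefix) -> origin server.
ROUTES = {
    ("www.example.test", "/static/"): "10.0.1.20:8080",
    ("www.example.test", "/"): "10.0.1.10:8080",
}

def parse_request(raw: bytes):
    """Return (method, request-target, lower-cased headers) of an HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def forward_proxy_upstream(raw: bytes):
    """Forward proxy: the client specifies the target (absolute URL or CONNECT host:port)."""
    method, target, _ = parse_request(raw)
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        return host, int(port)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("not a proxy request: target is not an absolute http URL")
    return url.hostname, url.port or 80

def reverse_proxy_upstream(raw: bytes, routes=ROUTES):
    """Reverse proxy: ordinary request for a name the proxy owns; the proxy picks the origin."""
    _, target, headers = parse_request(raw)
    if not target.startswith("/"):
        # This sketch refuses client-chosen targets rather than act as an open proxy.
        raise ValueError("reverse proxy expects an origin-form target")
    host = headers.get("host", "").split(":")[0].lower()
    matches = [(p, up) for (h, p), up in routes.items() if h == host and target.startswith(p)]
    if not matches:
        raise LookupError("no route for this name")
    return max(matches, key=lambda m: len(m[0]))[1]    # longest matching prefix wins

# Constructed sample requests.
VIA_FORWARD = b"GET http://server-b.example.test/J HTTP/1.1\r\nHost: server-b.example.test\r\n\r\n"
VIA_CONNECT = b"CONNECT server-b.example.test:443 HTTP/1.1\r\nHost: server-b.example.test:443\r\n\r\n"
VIA_REVERSE = b"GET /static/logo.png HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
```

A reverse proxy that forwarded to whatever host the client named would behave as a forward proxy open to anyone, which is why the reverse path above only consults its own routing table.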

Basically, there are many forward and reverse proxies on the Internet, and most software that can act as a forward proxy can also act as a reverse proxy. The most popular open source software is Squid, which can act as a forward proxy, and many people also use it as a reverse proxy front-end server. In addition, MS ISA can be used as a forward proxy on the Windows platform. The most important use of reverse proxies is for Web services, and the most popular in recent years is Nginx. Some people on the Internet say Nginx cannot act as a forward proxy; in fact, that is wrong. Nginx can also act as a forward proxy, but fewer people use it that way.

Third, Transparent Proxy

If the forward proxy, the reverse proxy and the transparent proxy were classified by human blood relationships, the kinship between the forward proxy and the transparent proxy is very obvious, while the forward proxy and the reverse proxy are cousins. A transparent proxy means that the client does not need to know that a proxy server exists; it adapts your request fields and transmits your real IP. Note that encrypted transparent proxies are anonymous proxies, meaning that you do not have to set up the use of a proxy. An example of transparent proxying in practice is the behavior management software that many companies use nowadays. See Figure 3.1.

(Figure 3.1)

User A and User B do not know that the behavior management device acts as a transparent proxy. When User A or User B submits a request to Server A or Server B, the transparent proxy device intercepts the message, modifies it according to its policy and, acting as the actual requester, sends the request to Server A or B. When the response comes back, the transparent proxy passes the allowed content on to User A or B according to its own settings. For example, if the transparent proxy is set not to allow access to Server B, then User A or User B will not get the data from Server B.


This article is from the "Linux operation and Maintenance" blog; please contact the author before reproducing it.
