Proxy Servers


A proxy service provides management and control over what is now an essential feature of any modern networkInternet access. A proxy server, which can be a computer or a dedicated hardware device running proxy service software, acts as an intermediary between a user on the internal network and a service on the external network (normally the Internet). The proxy server takes requests from a user and then performs those requests on behalf of the user. To the external system, the request looks as if it originated from the proxy server, not from the user on the internal network. Figure 8.2 shows how a proxy server fits into a network configuration.

Figure 8.2. A proxy server in a typical network configuration.


A proxy server enables a network to appear to external networks as a single IP addressthat of the external network interface of the proxy server.


There are a couple of excellent reasons to implement a proxy server:

  • To perform NAT functions A proxy server can process and execute commands on behalf of clients that have private IP addresses. This enables an organization with only one registered IP address to provide Internet access to a large number of computers. This process is known as IP proxy.

  • To allow Internet access to be controlled Having a centralized point of access allows for a great deal of control over the use of the Internet. By using the functionality of a proxy server application or by using an add-on feature, proxy servers can filter requests made by clients and either allow or disallow them. You can, for example, implement uniform resource locator (URL) filtering, which allows or denies users access to certain sites. More sophisticated products can also perform tests on retrieved material, to see if it fits acceptable criteria. Such measures are intended to prevent users from accessing inappropriate Internet web pages. As an "after the event" feature, proxy server applications also normally provide logging capabilities so that Internet usage can be monitored.

The function of a proxy server should not be confused with the function of a firewall, even though some applications integrate the functionality of both. In basic terms, a proxy server is a centralized point of access to the Internet. It also, generally, provides caching capabilities. It does not directly protect the network from attack, though there is some degree of protection from the NAT function that proxy servers typically provide.


Although the most common function of a proxy server is to provide access to the Web for internal clients, that is not its only function. A proxy server, by definition, can be used as an intermediary for anything, not just HTTP requests. Other services can be supported by a proxy server, depending on the proxy server application being used and its configuration. For example, you might configure a proxy server to service HTTP requests (TCP port 80), Post Office Protocol 3 (POP3) email retrieval (TCP port 110), Simple Mail Transfer Protocol (SMTP) mail sending (TCP port 25), and HTTPS requests (TCP port 443). With an understanding of what a proxy server is designed to do, you can look at one additional feature built in to proxy server functionality, caching.

Caching Proxy Servers

An additional feature offered by many proxy server applications is caching; such a server is known as a caching proxy server. Caching enables the proxy server to store pages that it retrieves as files on disk. Consequently, if the same pages are requested again, they can be provided more quickly from the cache than if the proxy server had to continue going back to the Web server from which the pages were originally retrieved. This approach has two benefits:

Proxy servers are sometimes referred to as HTTP proxies or HTTP proxy servers. In reality, most proxy servers provide proxy services for multiple protocols, not just HTTP.


  • Significantly improves performance Performance is improved particularly in environments such as a school, where there is a great likelihood that more than one user might retrieve the same page.

  • Reduces demands on Internet connections Because there are fewer requests to the Internet when a caching proxy server is in use, there is a reduced demand on the Internet connection. In some cases, this results in a general speed improvement. In extreme cases, it might even be possible to adopt a less expensive Internet connectivity method because of the lower level of demand.

As with any technology, with caching proxy servers, there are issues to be considered. Sometimes a sizable amount of hard disk space is required to store the cached pages. With the significant decline in the cost of hard disk space over recent years, this is not likely to be much of a problem, but it still needs to be considered.

Another factor is that it's possible for pages held in the cache to become stale. As a result, a user might retrieve a page and believe that it is the latest version when, in fact, it has since changed, but the new page has not been updated in the proxy server cache. To prevent this problem, caching proxy servers can implement measures such as aging of cached information so that it is removed from the cache after a certain amount of time. Some proxy applications can also make sure that the page stored in the cache is the same as the page currently available on the Internet. If the page in the cache is the same as the one on the Internet, it is served to the client from the cache. If the page is not the same, the newer page is retrieved, cached, and supplied to the client.

Using a Proxy Server

Before clients can use a proxy server, it is sometimes necessary to configure the client applications to use it, and in other cases, additional client software is needed. In the case of Web browsers, it is sometimes necessary to manually tell the application that it needs to use a proxy server. Figure 8.3 shows Proxy Settings configuration screen in Microsoft Internet Explorer.

Figure 8.3. The Proxy Settings configuration screen in Internet Explorer.


Other applications besides Web browsers might need to use the proxy server functionality. In some cases, you might need to actually load client software. In essence, this client software modifies elements of the TCP/IP software on the system, to either make it aware of or enable it to cope with the existence of a proxy server. The good news is that the use of proxy servers is now so widespread that applications requiring special client software are becoming increasingly rare.

When Two Become One

By now, you might have realized that both firewalls and proxy servers play an important part in the network infrastructure. For that reason, many applications are now available that combine the functionality of both roles. These firewalling proxy servers provide a convenient means for an organization to control and secure the access of its network, and at the same time provide the benefits of Internet access to users.



    Network+ Exam Cram 2
    Network+ Exam Cram 2
    ISBN: 078974905X
    EAN: N/A
    Year: 2003
    Pages: 194

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net