Proxy servers are more difficult to configure than firewalls, but they offer capabilities that sometimes make the effort of implementing them worthwhile. A properly configured proxy server brings benefits that a normal firewall cannot deliver.
The proxy server has three main functions:
- serves as a firewall and allows you to filter traffic,
- allows you to share an Internet connection,
- serves as a cache.
These properties of the proxy server are particularly important in large company networks or operator networks. The more users on the LAN and the more important the data protection issues, the greater the need to implement a proxy server.
You can start the proxy server as a service or as a stand-alone application. Depending on the situation, you should choose the right product, because products support different numbers of users and different types of data. The selection of proxy servers is very large. The best known are the commercial Microsoft ISA Server and the free Squid.
In the production environment, the proxy server can be used as a NAT alternative. Although these two solutions work similarly and NAT is easier to configure, it is not always able to meet the requirements of the company.
For example, the company has many employees who use Internet access, but maintaining an Internet connection is expensive. There may be capacity problems or uncontrolled increases in the cost of Internet access. In this case, NAT will not be able to limit the bandwidth available to users, but the proxy server will prove very useful. Using a proxy server, you can limit the speed of each connection, provide user authentication, and record all connections. The possibilities for restrictions based on different criteria are almost limitless.
Firewall and filter functions
The proxy server works in the application layer, which is the seventh layer of the OSI model. Proxy servers are not as popular as firewalls, which work in lower layers and allow application-independent filtering. They are also more difficult to install and manage than firewalls, as the functionality of the proxy server must be configured separately for each protocol, e.g. HTTP, SMTP or SOCKS. Nevertheless, a properly configured proxy server has many advantages: it improves security and performance. Proxy servers offer capabilities that a normal firewall cannot provide.
Some network administrators implement both a firewall and a proxy server so that the two work together. For this purpose, they install the software on a server that acts as a gateway.
Because the proxy server works in the application layer, its ability to filter network traffic is more sophisticated than a firewall's. For example, an HTTP proxy server can check the URLs of websites that users browse by analyzing HTTP GET and POST messages. By using this function, the network administrator may block access to illegal sites and allow access to other sites. A normal firewall, however, does not see domain names transmitted inside packets.
The same applies to incoming traffic. A router can filter packets based on port numbers or IP addresses, but a proxy server can do this by analyzing the data sent by applications.
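The URL check described above, as an added example that is not part of the original article: it parses the request line a browser sends to a forward proxy and applies a domain blocklist. The blocklist entries, function names and sample request lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy: each entry blocks the domain and all of its subdomains.
BLOCKED_DOMAINS = {"blocked.example", "ads.example.net"}

def host_from_request_line(line):
    """Return (method, host, path) from a proxy-style HTTP request line.

    A browser sends an absolute URI to a forward proxy for GET/POST
    ("GET http://host/path HTTP/1.1") and "CONNECT host:443 HTTP/1.1"
    to open a tunnel for HTTPS.
    """
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":
        # Only host and port are visible; the URL path stays inside the tunnel.
        return method, target.rsplit(":", 1)[0].lower(), None
    url = urlsplit(target)
    if url.scheme not in ("http", "ftp") or not url.hostname:
        raise ValueError("expected an absolute URI")
    return method, url.hostname, url.path or "/"

def is_blocked(host):
    """Match on whole DNS labels so 'notblocked.example' is not caught."""
    labels = host.rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))

def decide(line):
    """Filtering decision for one request line: ALLOW, DENY or DENY (malformed)."""
    try:
        _method, host, _path = host_from_request_line(line)
    except ValueError:
        return "DENY (malformed)"
    return "DENY" if is_blocked(host) else "ALLOW"

if __name__ == "__main__":
    for sample in ("GET http://www.blocked.example/index.html HTTP/1.1",
                   "POST http://intranet.example.org/login HTTP/1.1",
                   "CONNECT ads.example.net:443 HTTP/1.1",
                   "GET /index.html HTTP/1.1"):
        print(decide(sample), "<-", sample)
```

For CONNECT the proxy can only decide on the host name, which is why URL-level filtering of HTTPS traffic needs more than the request line.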
Sharing an Internet connection
There are many products that allow you to share an Internet connection over a small network. However, proxy servers perform better in medium and large networks, providing greater scalability and lower costs of sharing a link. Instead of giving any computer direct access to the Internet, all internal connections can be tunneled through one or more proxy servers that will connect to the outside world.
A common use of proxy servers is to cache web content, which translates into more efficient network operation. First, caching limits the use of internet connection bandwidth, increasing scalability. Secondly, it shortens the response time to the client's request. Using an HTTP proxy server, web pages can be loaded faster in the browser. Thirdly, caching increases accessibility. Web pages or other cached files are accessible even if the source server or proxy networks are not available.
Disadvantages of using cache memory
Storing files in a cache also has drawbacks. It is expected that proxy servers processing hundreds or even thousands of websites can become a bottleneck. An administrator can use a server with powerful multi-core processors and a large amount of RAM, or deploy multiple proxies to avoid the problem.
It is also possible to create a hierarchical proxy tree to spread the caching over multiple layers. The client connects directly to the first layer of the cache. If a web page is not locally available, the request is automatically forwarded to the next layer until the desired resources are available.
The caching performance of hierarchical proxy servers depends heavily on the type of network traffic. In the worst-case scenario, all users visit completely different sites and the servers become useless, generating only unnecessary extra workload. Typical traffic is unlikely to match this worst-case scenario, but it should be remembered that each network has its own unique traffic characteristics.
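A small simulation of the two-layer hierarchy and its worst case, added here as an example and not taken from the original article. The layer names, capacities, LRU eviction and URLs are assumptions chosen for illustration.

```python
from collections import OrderedDict

class CacheLayer:
    """One proxy in the hierarchy: an LRU cache with an optional parent layer."""
    def __init__(self, name, capacity, parent=None):
        self.name, self.capacity, self.parent = name, capacity, parent
        self.store = OrderedDict()
        self.hits = self.misses = 0

    def fetch(self, url, origin):
        """Return (body, served_by); on a miss, ask the next layer up."""
        if url in self.store:
            self.store.move_to_end(url)          # mark as recently used
            self.hits += 1
            return self.store[url], self.name
        self.misses += 1
        if self.parent is not None:
            body, served_by = self.parent.fetch(url, origin)
        else:
            body, served_by = origin(url), "origin"
        self.store[url] = body                   # keep a copy on the way back
        if len(self.store) > self.capacity:
            self.store.popitem(last=False)       # evict least recently used
        return body, served_by

def origin_server(url):
    """Stand-in for the real web server."""
    return "content of " + url

def run(urls, edge_capacity=2, parent_capacity=8):
    """Replay a request sequence through edge -> parent -> origin."""
    parent = CacheLayer("parent", parent_capacity)
    edge = CacheLayer("edge", edge_capacity, parent)
    served = [edge.fetch(u, origin_server)[1] for u in urls]
    return served, edge, parent

def hit_ratio(urls):
    """Share of requests answered by any cache layer."""
    served, _edge, _parent = run(urls)
    return sum(s != "origin" for s in served) / len(urls)

# Constructed traffic: three popular pages requested repeatedly,
# versus twelve users who each visit a different site.
SHARED = ["http://a.example/", "http://b.example/", "http://c.example/"] * 4
UNIQUE = ["http://site%d.example/" % i for i in range(12)]

if __name__ == "__main__":
    print("shared traffic hit ratio:", hit_ratio(SHARED))
    print("unique traffic hit ratio:", hit_ratio(UNIQUE))
```

With the shared traffic the small edge cache thrashes and the parent layer absorbs the repeats; with the unique traffic both layers record only misses, which is the extra workload the text describes.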
In addition, the cache function of a proxy server is different from that of a web browser cache. Browsers automatically save the pages you visit to your computer, while the proxy server stores files on a remote server. Since browsers have their own cache, the proxy server will only be used if the browser does not find files on the local disk.
A proxy server will also not help with refreshed pages. Web pages can be set with META tags to refresh frequently, which forces the content of the page to be downloaded again, even if it has been visited before and is cached. The same applies to sites whose content changes frequently, such as news pages and blogs.
From the point of view of website owners, proxy servers interfere with viewing statistics by hiding users' IP addresses. All users behind a proxy server are seen as a single IP address.
Proxy servers and web browsers
Proxy servers work with specific network protocols. HTTP is of course the most important, but web browsers use different protocols:
- HTTPS enables encryption of communication between the user and the WWW server and is widely used. For encryption it uses SSL, which is a lower layer protocol, so it should not affect the browser's proxy configuration.
- FTP (File Transfer Protocol) is used to transfer files from web servers. This protocol treats the file as a text or binary format and is still very popular for downloading files.
- SOCKS, on the other hand, is a firewall protocol that is sometimes included in proxy configuration.
Technically, you can use different proxy servers to support these protocols, e.g. one server to support HTTP and HTTPS, and the other to support other protocols. Most often, however, administrators implement a single proxy server to support all protocols. When configuring your browser, you must know the parameters of the proxy server in order to use it.
To configure a proxy server, you need two parameters: the IP address and the port number that the server will listen on. As a rule, a single port is used to support all protocols. Do not confuse this port with the standard protocol ports (80 for HTTP, 21 for FTP, etc.). This is a proxy server port only.
Unfortunately, there is no single port number that is considered the standard for proxy servers. The most common ports are 8000 or 8080, but you can assign different values up to 65535. You need to know the port number if you want to configure your browser yourself.
Automatic proxy configuration
Proxy server types
There are many types of proxy servers. They are divided depending on the protocol supported, e.g. FTP, HTTP, IRC, ICQ, VOIP, SSL.
In addition, there are many other types of proxy server. A SOCKS proxy is used to support many types of data, regardless of whether they use TCP or UDP. The NAT proxy is used when packet forwarding is required, but the user application does not support a proxy server (there is no possibility to configure a proxy in a given program).
The SSL proxy server is an HTTP proxy extension that allows you to transfer TCP packets like a SOCKS proxy, which in turn allows you to support encrypted communication with web servers.
Proxy servers can also be divided into anonymous and transparent servers. An anonymous proxy server hides the IP address of the requesting computer from the target host (e.g. a web server). A transparent proxy server sends IP addresses to the target host.
Anonymous proxy servers can be further divided into Elite and Disguised. The Elite server is not identified by the target host as a proxy server. The Disguised server, on the other hand, provides such information about itself that it can be identified as an intermediary server.
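How a target host could tell these categories apart from the request headers it receives, as an added example that is not part of the original article. It assumes the proxy discloses information through the common `X-Forwarded-For`, `Forwarded` (RFC 7239) and `Via` headers; the function names and sample headers are constructed.

```python
import ipaddress
import re

def disclosed_client_ips(headers):
    """IP addresses a proxy revealed in X-Forwarded-For or Forwarded."""
    candidates = [p.strip() for p in headers.get("x-forwarded-for", "").split(",")]
    # Forwarded: for=192.0.2.60, for="[2001:db8::1]:4711", for=unknown, ...
    candidates += re.findall(r'for="?\[?([^\]";,\s]+)',
                             headers.get("forwarded", ""), re.I)
    ips = []
    for value in candidates:
        if value.count(":") == 1:            # IPv4 with a port: drop the port
            value = value.split(":")[0]
        try:
            ips.append(str(ipaddress.ip_address(value)))
        except ValueError:
            pass                             # "unknown", "_hidden" or empty
    return ips

def classify(headers):
    """Classify a request as seen by the target host.

    transparent     : the client's IP address is passed on
    disguised       : no client IP, but the sender identifies itself as a proxy
    elite or direct : nothing in the headers distinguishes it from a direct client
    """
    h = {k.lower(): v for k, v in headers.items()}
    ips = disclosed_client_ips(h)
    if ips:
        return "transparent", ips
    if any(name in h for name in ("via", "forwarded", "x-forwarded-for")):
        return "disguised", []
    return "elite or direct", []

if __name__ == "__main__":
    samples = [  # constructed header sets
        {"X-Forwarded-For": "198.51.100.7, 10.0.0.1", "Via": "1.1 proxy.example"},
        {"Via": "1.1 proxy.example", "Forwarded": "for=unknown"},
        {"User-Agent": "ExampleBrowser/1.0"},
    ]
    for s in samples:
        print(classify(s))
```

Headers alone cannot separate an Elite proxy from a direct connection, which is why the last category is reported as "elite or direct".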
A reverse proxy has a slightly different task than the server types described above. In this case, the aim is to reduce the load on the servers. Reverse proxy servers store static content of the web server and make it available to users on request. A reverse proxy works between the Internet and a web server: it stores content and responds to incoming requests by providing web pages from its own cache.