What is a proxy server?
A proxy server refers to a communication gateway in a network that acts as a mediator between two computer systems. The basic task of proxy servers is to accept client requests on servers and forward them to a target computer, using their own IP address. With this type of communication there is no direct connection between sender and receiver. Sometimes the requesting system and the target computer have no idea that they are dealing with a proxy. Proxy servers can be implemented in two directions: a forward proxy is used to protect a client’s network from online influences. If the target system (e.g. a webserver) is protected by an upstream proxy server, it’s known as a reverse proxy.
- Forward proxy (client protection): Proxy servers installed as interfaces between private networks (LAN) and the internet are able to effectively shield local terminal devices from influences originating from public networks. Requests from the LAN are received by the proxy and forwarded with their IP address (as the sender) to the target computer. Reply packages from the network are thus not addressed to the client on the LAN, instead they also pass through the proxy server before they are forwarded to the actual target. The proxy server generally acts as a supervisory body. Corresponding security systems don’t have to be installed on every client on the network, but can be implemented on a manageable number of proxy servers.
- Reverse proxy (server protection): webservers can also be secured additionally by using a proxy server with access from the public network. Clients from the internet don’t access the target computer directly, but instead requests are received from the proxy server, checked that they are in accordance with safety rules, and then safely passed to the server in the background.
Application areas of a proxy server
There are several reasons for using proxy servers. When used as a link between two communication partners, this network component enables data exchange to take place between two systems if a direct connection isn’t possible. It might not be possible due to incompatible IP addresses, for example, because one uses an IPv4 component and the other uses the new IPv6 standard. Data that takes a detour through the proxy is also filtered, cached, and distributed through load balancing onto different target systems. Additionally, a proxy is a central component of firewalls that protect computer systems against attacks from the public network.
- Caching: another standard feature of proxy servers is caching. In order to quickly answer recurring requests from a local network, a corresponding configured proxy server stores a copy of the data, which it receives from servers on the internet, temporarily in a cache. Frequently requested web content doesn’t have to be reloaded every time and can instead be delivered directly. This saves time and bandwidth.
- Filtering: if a proxy server is installed as an interface between two computer systems, it can be used as a filter for data traffic to block certain web content for clients or automatically dismiss conspicuous server requests.
- Bandwidth control and load distribution: if a proxy server is used to control the bandwidth, it allocates defined resources (depending on the capacity) to the network client beforehand. This way it can be guaranteed that the bandwidth isn’t completely blocked by individual applications. As a central interface, a proxy server also enables resource-intensive client requests or server responses to be shifted onto different systems so that loads can be evenly shared within a computer network.
- Anonymization: since proxy servers prevent direct connection between sender and receiver, it’s possible to hide the client’s IP address behind the communication interface. This allows a certain degree of anonymity since users are using the IP address and location of their proxy. In countries with a strong internet censorship or restricted access to copyrighted material, proxy servers from other countries are used to circumvent a geo-blocking schemes.
Types and titles/terms for proxy servers
Besides the general proxy definition, there are also various names in circulation for different types of proxy servers that aren’t easily differentiated from one another. They refer to the technical implementation of the network components as well as applied differences. A classification is common for circuit levels and application levels as well as in dedicated and generic proxy servers.
Application level vs. circuit level
Many proxy servers are designed to analyze data packages that have been delivered to them for transfer. Other proxy implementations, however, don’t have access to package data. Filter functions based on the sender’s IP and the addressed ports can be implemented in this case.
- Application level proxy: an application level proxy is located on the application layer (layer 7) of the OSI reference model. Thus, this proxy server type possesses functions to analyze data packages and block them, change them, or transfer them depending on the pre-configured settings. An application level proxy is also known as an application filter.
- Circuit level proxy: the circuit level proxy operates on the transport layer (layer 4) of the OSI reference model and is therefore not able to analyze packet data. This type of proxy is generally used as a firewall filter module and makes it possible to filter data packets via ports and IP addresses. Unlike the application level proxy, the circuit level proxy can’t have an influence on the communication itself. Instead, filtering is based on the ‘all or nothing principle’; data packages are either let through or blocked.
Dedicated vs. generic proxy server
The classification based on the terms ‘dedicated’ and ‘generic’ refers to the question of whether a proxy server is only responsible for a communications protocol (dedicated proxy) or whether the network interface acts as a contact for all communication protocols (generic proxy).
- Dedicated proxy: a dedicated proxy server is configured for a particular communication protocol. Generally various dedicated proxy servers operate parallel for different protocols like HTTP, FTP, and SMTP.
- Generic proxy: unlike dedicated proxies, a generic proxy server isn’t specialized and is used for multiple communication protocols.
In practice, an application level proxy is usually implemented as a dedicated proxy server. Generic proxy servers are used as circuit-level proxies. This is why these terms are sometimes used interchangeably.