Proxy Server

What is a proxy server?

A proxy server is an intermediary between a client and a web server located on the Internet. When using a proxy server, internet traffic flows in both directions through the proxy server.

Depending on the application and need, proxy servers can enforce IT security policies for the traffic. They can act as firewalls and web filters but also cache data to speed up frequent requests. Because proxy servers act as the direct communication partner for the web server on the Internet, they can also strengthen data protection and block both access and download of malware.

1. The client sends the web request to the IP address of the proxy server.
2. The proxy server forwards the request to the destination address.
3. The web server sends the request back to the proxy server.
4. The proxy server forwards the requested data back to the client without the client ever communicating directly with the web server.

How does a proxy server work?

When making a request to a web server, a client such as Chrome or Firefox does not establish a direct connection with the web server, but only connects to the proxy server.

CLIENT <---> PROXY SERVER <---> WEBSERVER                                    

The client then tells the proxy server which website to load. The proxy server then sends this request to the target server on the Internet. The response from the web server then also runs back via the proxy server.

Since the proxy server forwards the web requests in both directions, it can make changes to the data sent. A proxy server can change the sender IP address and anonymise other request fields so that the web server does not know exactly where the client is located. Also, a proxy server can block access to certain websites based on the domain name or IP address.

Where do I get a proxy server?

Proxy servers can be purchased as a service, self-hosted, and even free to use.

• Cloud-based proxy servers: Typically, an application from the provider is installed on the end device. This application ensures correct communication with the cloud proxy server.
• Own hosting: There are a number of providers who sell ready-configured hardware-based and virtual appliances that can be used directly in one's own data centre. These are often marketed as web proxies. A well-known and powerful open source software solution is Squid Cache.
• Open proxy servers (paid/unpaid): Some providers offer huge lists of proxy servers that can be accessed publicly and without authentication. Often the operators of these proxy servers do not even know that they are on these lists. Without the corresponding authorisation of the operator, the use of such proxy servers is illegal.

How is the proxy server set up?

To put a proxy server into operation, all IT systems and applications must be configured accordingly. In most cases, the setup is done with the help of an automatic configuration script or an application that has to be installed.

reasons for companies to use a proxy server

Proxies provide a valuable layer of security for users and computers on the internal network. They can be set up as web filters or firewalls, and can help protect IT systems from internet threats such as malware.

1. Improved security: Proxy servers can prevent known websites from being easily accessible to malware or phishing from the corporate network.
2. Enforcement of corporate internet policies: Companies set up to control and monitor how employees use the Internet. Many organisations do not want certain websites to be used during working hours. Proxy servers can be configured to deny access selected websites. Instead, a friendly message is displayed. Logging web requests can also prove useful for forensic purposes.
3. Bandwidth saving: Companies can achieve better overall network performance with a proxy server. Proxy servers can cache popular websites and then deliver them directly. This saves bandwidth and improves network performance.
4. Improving privacy: Some proxy servers can act as anonymous proxy servers and remove identifying information from the web request. This also works quite reliably with web browsers, but often rather poorly at the application level.
5. Access to restricted resources: Proxy servers allow users to bypass content restrictions imposed by companies or governments. The proxy server makes it look like you are in the US. This can also help in countries with government internet censorship, although in such cases a VPN is often a better solution.
6. Access to localised content: Using a regional proxy server can ensure that you are specifically assigned to a different country.

Types of proxy servers

It is important to match the proxy server to the desired use case. The following list represents a list of functionalities of modern proxy servers:

Forward proxy (standard case)

A forward proxy is the communication partner of the clients. All internet communication is handled through it.

A forward proxy is well suited for internal networks that require a single point of access to the Internet. Through the network address translation (NAT) that takes place, the IPs of the internal network are not revealed.

However, such a proxy can be problematic if a direct TCP connection between an internal and external IT system is required.

Reverse Proxy

In contrast to a forward proxy, which is located at the clients, a reverse proxy is positioned in front of the web servers.

A Reverse Proxy receives the user's requests to the web server and sends them on to the actual web server. The response from the web server is also passed back to the client through the reverse proxy.

A reverse proxy is well suited for filtering and distributing incoming loads. An incoming connection can be passed to a number of web servers for processing. Similarly, requests can be pre-filtered to reduce malicious and denial-of-service attacks.

Transparent Proxy

A transparent proxy tells websites in the request that it is a proxy server. The IP address of the client is also passed on to the web server.

Anonymous proxy

In contrast to transparent proxies, anonymous proxies ensure that the IP address of the client is not forwarded. This means that Internet activities cannot be traced so easily.

Proxy with high anonymity

A proxy with high anonymity is an anonymous proxy that does not store any data about the connections and thus makes tracing virtually impossible. Often such proxy servers also do not reveal themselves to the web server as a proxy.

Public proxy

A public proxy is accessible to everyone free of charge. Depending on the configured anonymity, websites can be accessed without revealing one's own IP address.

Such public proxies are basically only suitable for users for whom costs are the deciding factor, but security and speed are not so important. Public, free and easily accessible often also means overloaded and thus slow. Basically, the use of public proxy servers is not recommended.

Shared proxy

Most proxy servers are shared. This has advantages in terms of anonymity and cost.

The disadvantage of shared proxies is the often limited bandwidth. Also, all users of the proxy server are held in "clannish liability" for bad behaviour of a few. If individual websites block the IP address of the proxy, this has consequences for all users.

TLS proxy

A TLS (Transport Layer Security) proxy terminates the TLS connection between the client and the web server.

CLIENT <--(TLS)--> PROXY SERVER <--(TLS)--> WEBSERVER                                    

These proxies are most suitable for companies that need solid protection against threats at the network level.

Also, the outflow of data from the company can be monitored in great detail (DLP, Data Leakage Prevention).

When using a TLS proxy, companies must trust the certificate of the TLS proxy on all machines.

Rotating proxy

A rotating proxy has a large number of public IP addresses for outward communication. Optimally, each user receives his or her own IP address.

Rotating proxies are often used to circumvent security measures of web server operators. Websites often have protection against users who repeatedly request data or download entire websites (web scraping). If a different IP address is used for each access, these measures are often no longer effective.