Proxy Servers
Proxy servers provide what is now an essential feature of any modern network—Internet access. A proxy server acts as an intermediary between a user on the internal network and a service on the external network (normally the Internet). The proxy server takes requests from a user and then performs those requests on behalf of the user. To the external system, the request looks as if it originated from the proxy server, not from the user on the internal network. Figure 12.7 shows how a proxy server fits into a network configuration.
There are a couple reasons to implement a proxy server:
To perform NAT functions— A proxy server is able to process and execute commands on behalf of clients that have “private” IP addresses. This enables an organization with only one registered IP address to provide Internet access to a large number of computers.
To allow Internet access to be controlled— Having a centralized point of access allows for a great deal of control over the use of the Internet. By using the functionality of a proxy server application or by using an add-on feature, proxy servers can filter requests made by clients and either allow or disallow them. You could, for example, implement uniform resource locator (URL) filtering, which allows or denies users access to certain sites. More sophisticated products can also perform tests on retrieved material, to see if it fits acceptable criteria. Such measures are intended to prevent users from accessing inappropriate Internet Web pages. As an “after the event” feature, proxy server applications also normally provide logging capabilities so that Internet usage can be monitored.
NOTE
Single IP Address Representation A proxy server enables a network to appear to external networks as a single IP address—that of the external network interface of the proxy server.
NOTE
Proxy Servers Versus Firewalls The function of a proxy server should not be confused with the function of a firewall, even though some applications integrate the functionality of both. In basic terms, a proxy server is a centralized point of access to the Internet. It also, generally, provides caching capabilities.
Although the most common function of a proxy server is to provide access to the World Wide Web for internal clients, that is not its only function. A proxy server, by definition, can be used as an intermediary for anything, not just HTTP requests. Other services can be supported by a proxy server, depending on the proxy server application being used and the configuration. For example, you might configure a proxy server to service HTTP requests (TCP port 80), Post Office Protocol 3 (POP3) email retrieval (TCP port 110), Simple Mail Transfer Protocol (SMTP) mail sending (TCP port 25), and HTTPS requests (TCP port 443).
With an understanding of what a proxy server is designed to do, you can look at one additional feature built into proxy server functionality: caching.
Caching Proxy Servers
An additional feature offered by many proxy server applications is caching; such a system is known as a caching proxy server. Caching allows the proxy server to store pages that it retrieves as files on disk. Consequently, if the same pages are requested again, they can be provided more quickly than if the proxy server had to go back to the Web server from which the pages were originally retrieved. This approach has two benefits:
NOTE
Proxy Servers and Protocols Proxy servers are sometimes referred to as HTTP proxies or HTTP proxy servers. In reality, most proxy servers provide proxy services for multiple protocols, not just HTTP.
Significantly improves performance— Performance is improved particularly in environments such as a school, where there is a great likelihood that more than one user might retrieve the same page.
Reduces demands on Internet connections— Because there are fewer requests to the Internet when a caching proxy server is in use, there is reduced demand on the Internet connection. In some cases, this results in a general speed improvement. In extreme cases, it might even be possible to adopt a less expensive Internet connectivity method because of the lower level of demand.
As with any technology, with caching proxy servers there are issues to be considered. Sometimes a sizable amount of hard disk space is required to store the cached pages. With the declining cost of hard disk space in recent years, this is not likely to be much of a problem, but it still needs to be considered.
Another factor is that it's possible for pages held in the cache to become stale. As a result, a user might retrieve a page and believe it is the latest version when in fact it has since changed but the new page has not been updated in the proxy server cache. To prevent this problem, caching proxy servers can implement measures such as aging of cached information so that it is removed from the cache after a certain amount of time. Some proxy applications are also able to check to make sure that the page stored in the cache is the same as the page currently available on the Internet. If the page in the cache is the same as the one on the Internet, it is served to the client from the cache. If the page is not the same, the newer page is retrieved, cached, and supplied to the client.
More advanced features of caching proxy servers are Internet Cache Protocol (ICP) and Caching Array Routing Protocol (CARP). Using these protocols, a proxy server can ask another proxy server if it has a user-requested page in its cache. If it does, the page is retrieved from the other proxy server, stored in cache, and then supplied to the client. Such an arrangement can be used only in environments where there are multiple proxy servers. The increasing availability of broadband and high-speed Internet access is making such environments increasingly rare.
Using a Proxy Server
Before clients can use a proxy server, it is necessary to configure the client applications to use it, and in some cases, additional client software is needed. In the case of Web browsers, it is necessary to manually tell the application that it needs to use a proxy server. Figure 12.8 shows the configuration screen in Microsoft Internet Explorer that allows the configuration of proxy parameters.
Figure 12.8. The Proxy Settings configuration screen in Internet Explorer.
Other applications besides Web browsers might need to use the proxy server functionality. In some cases, you might need to actually load client software. In essence, this client software modifies elements of the TCP/IP software on the system, to either make it aware of or allow it to cope with the existence of a proxy server.
By now, you might have realized that both firewalls and proxy servers play an important part in the network infrastructure. For that reason, many applications are now available that combine the functionality of both roles. These “firewalling proxy servers”provide a convenient means for an organization to control and secure the access of its network, and at the same time provide the benefits of Internet access to users.