ch06: Proxies

1. Web Intermediaries

HTTP proxy servers are both web servers and web clients.

1.2 Private and Shared Proxies

Proxies dedicated to a single client are called private proxies.

Proxies shared among numerous clients are called public proxies.

1.3 Proxies Versus Gateways

Proxies connect two or more applications that speak the same protocol.

Gateways, by contrast, hook up two or more parties that speak different protocols.

2. Why Use Proxies?

2.1 Child Filter

The proxy permits unrestricted access to educational content but forcibly denies access to sites that are inappropriate for children.

2.2 Document Access Controller

Proxy servers can be used to implement a uniform access-control strategy across a large set of web servers and web resources and to create an audit trail.

2.3 Security Firewall

Use proxy servers to enhance security.

2.4 Web Cache

Proxy caches maintain local copies of popular documents and serve them on demand, reducing slow and costly Internet communication.

2.5 Transcoder

Proxy servers can modify the body format of content before delivering it to clients.

2.6 Anonymizer

Anonymizer proxies provide heightened privacy and anonymity, by actively removing identifying characteristics from HTTP messages.

3. Where Do Proxies Go?

  • How can proxies be deployed into networks?

  • How can proxies chain together into hierarchies?

  • How does traffic get directed to a proxy server in the first place?

3.1 Proxy Server Deployment

You can place proxies in all kinds of places, depending on their intended uses.

  • Egress Proxy: stick proxies at the exit points of local networks to control the traffic flow between the local network and the greater Internet.

  • Access (ingress) Proxy: proxies are often placed at ISP access points, processing the aggregate requests from the customers.

  • Surrogates (reverse proxies): proxies frequently are deployed as surrogates at the edge of the network, in front of web servers.

  • Network Exchange Proxy: proxies can be placed in the Internet peering exchange points between networks.

3.2 Proxy Hierarchies

Proxies can be cascaded in chains.

3.3 How Proxies Get Traffic

  • Modify the client: configure the client to use proxy;

  • Modify the network: configure the router to intercept and redirect traffic to the proxy;

  • Modify the DNS namespace: configure the proxy to be the web server;

  • Modify the web server: web server redirects the request to proxy.

4. Tricky Things About Proxy Requests

Some tricky and much misunderstood aspects of proxy server requests.

4.1 Proxy URIs Differ from Server URIs

When the client is not set to use a proxy, it sends the partial URI.

When the client is set to use a proxy, it sends the full URI.

4.2 The Same Problem with Virtual Hosting

Virtually hosted web servers share the same physical web server among many web sites.

When a request comes in for the partial URI /index.html, the virtually hosted web server needs to know the hostname of the intended web site.

  • Explicit proxies solve the problem by requiring a full URI in the request message.

  • Virtually hosted web servers require a Host header to carry the host and port information.

4.3 Intercepting Proxies Get Partial URIs

The client will not know it is talking to a proxy.

4.4 Proxies Can Handle Both Proxy and Server Requests

General-purpose proxy servers should support both full URIs and partial URIs in request messages.

Rules:

  • If a full URI is provided, the proxy should use it.

  • If a partial URI is provided, and a Host header is present, the Host header should be used to determine the origin server name and port number.

  • If a partial URI is provided, and there is no Host header, the origin server needs to be determined in some other way:

    • If the proxy is a surrogate, standing in for an origin server, the proxy can be configured with the real server's address and port number.

    • If the traffic was intercepted, and the interceptor makes the original IP address and port available, the proxy can use the IP address and port number from the interception technology.

    • If all else fails, the proxy doesn't have enough information to determine the origin server and must return an error message.
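The rules above as a single resolution function. This is an added example, not code from the original notes; `resolve_origin`, `surrogate_origin` and `intercepted_dst` are hypothetical names, and rejecting duplicate Host headers is an extra check (from the HTTP/1.1 specification) that the rules themselves do not list.

```python
from urllib.parse import urlsplit

class CannotResolveOrigin(Exception):
    """No rule yields an origin; the proxy should answer with an error."""

def split_host_port(value, default_port=80):
    """Split 'host' or 'host:port' (IPv6 literals are out of scope here)."""
    value = value.strip()
    host, sep, port = value.rpartition(":")
    if not sep:
        return value.lower(), default_port
    if not port.isdigit():
        raise CannotResolveOrigin(f"bad port in {value!r}")
    return host.lower(), int(port)

def resolve_origin(request_target, headers,
                   surrogate_origin=None, intercepted_dst=None):
    """Return (host, port) of the origin server, applying the rules in order.

    headers is a list of (name, value) pairs. surrogate_origin is the real
    server configured for a surrogate; intercepted_dst is the original
    destination reported by the interception layer (both assumptions).
    """
    # Rule 1: a full URI wins, even when a Host header disagrees with it.
    parts = urlsplit(request_target)
    if parts.scheme in ("http", "https") and parts.hostname:
        default = 443 if parts.scheme == "https" else 80
        return parts.hostname.lower(), parts.port or default
    # Rule 2: partial URI, so fall back to the Host header.
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) > 1:
        raise CannotResolveOrigin("multiple Host headers are ambiguous")
    if hosts and hosts[0].strip():
        return split_host_port(hosts[0])
    # Rule 3a: a surrogate knows the real server it stands in for.
    if surrogate_origin:
        return surrogate_origin
    # Rule 3b: the interceptor exposed the original IP address and port.
    if intercepted_dst:
        return intercepted_dst
    # Rule 3c: not enough information; the caller returns an error message.
    raise CannotResolveOrigin("partial URI, no Host header, no fallback")
```

Resolving the origin in exactly one place matters for access control: if the filter inspects the Host header while the forwarder uses the full URI, the two can disagree about where a request is going.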

4.5 In-Flight URI Modification

Proxy servers need to be very careful about changing the request URI as they forward messages.

5. Tracing Messages

A request may go through many proxies, and sometimes we need to know which proxies a message went through.

5.1 The Via Header

5.1.1 Via syntax

Via: 1.1 proxy-62.irenes-isp.net, 1.0 cache.joes-hardware.com

5.1.2 Via request and response paths

5.1.3 The Server and Via headers

The Server response header field describes the software used by the origin server.

Server: Apache/1.3.14 (Unix) PHP/4.0.4
Server: Netscape-Enterprise/4.1
Server: Microsoft-IIS/5.0

5.2 The TRACE Method

The TRACE method works much like traceroute.

5.2.1 Max-Forwards

Max-Forwards limits the number of proxy hops for TRACE and OPTIONS requests.
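How Via and Max-Forwards interact at each hop, as an added example that is not part of the original notes. `forward_hop` and `trace_path` are hypothetical names, headers are modelled as a plain dict with canonical names, and the proxy names are taken from the Via sample above.

```python
def forward_hop(method, headers, proxy_name, http_version="1.1"):
    """Process one proxy hop.

    Returns ("respond", headers) when this proxy must answer the request
    itself, or ("forward", headers) with the headers to send to the next hop.
    """
    out = dict(headers)
    if method in ("TRACE", "OPTIONS") and "Max-Forwards" in out:
        value = out["Max-Forwards"].strip()
        if not value.isdigit():
            raise ValueError("Max-Forwards must be a non-negative integer")
        remaining = int(value)
        if remaining == 0:
            # Hop budget exhausted: answer as the final recipient and do
            # not add a waypoint, since the message goes no further.
            return "respond", out
        out["Max-Forwards"] = str(remaining - 1)
    # Append this hop as a new waypoint at the end of the Via list.
    waypoint = f"{http_version} {proxy_name}"
    out["Via"] = f"{out['Via']}, {waypoint}" if out.get("Via") else waypoint
    return "forward", out

def trace_path(hops, max_forwards):
    """Send a constructed TRACE through a chain of proxy names.

    Returns (who answered, the Via header that responder received).
    """
    headers = {"Max-Forwards": str(max_forwards)}
    for name in hops:
        action, headers = forward_hop("TRACE", headers, name)
        if action == "respond":
            return name, headers.get("Via", "")
    return "origin", headers.get("Via", "")
```

Raising Max-Forwards one step at a time shows which hop in a chain answers, which is how TRACE is used to locate a misbehaving proxy.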

6. Proxy Authentication

7. Proxy Interoperation

If a proxy is unfamiliar with a method, it should try to forward the message to the next hop, if possible.

7.1 OPTIONS: Discovering Optional Feature Support

The OPTIONS method lets a client discover the supported functionality of a web server or of a particular resource on a web server.

7.2 The Allow Header

The Allow entity header field lists the set of methods supported by the resource identified by the request URI, or the entire server if the request URI is *.

Allow: GET, HEAD, PUT
