ch06: Proxies
HTTP proxy servers are both web servers and web clients.
Proxies dedicated to a single client are called private proxies.
Proxies shared among numerous clients are called public proxies.
Proxies connect two or more applications that speak the same protocol.
Gateways, by contrast, hook up two or more parties that speak different protocols.
The proxy can permit unrestricted access to educational content but forcibly deny access to sites that are inappropriate for children.
Proxy servers can be used to implement a uniform access-control strategy across a large set of web servers and web resources and to create an audit trail.
Use proxy servers to enhance security.
Proxy caches maintain local copies of popular documents and serve them on demand, reducing slow and costly Internet communication.
Proxy servers can modify the body format of content before delivering it to clients.
Anonymizer proxies provide heightened privacy and anonymity, by actively removing identifying characteristics from HTTP messages.
How can proxies be deployed into networks?
How can proxies chain together into hierarchies?
How does traffic get directed to a proxy server in the first place?
You can place proxies in all kinds of places, depending on their intended uses.
Egress Proxy: stick proxies at the exit points of local networks to control the traffic flow between the local network and the greater Internet.
Access (ingress) Proxy: proxies are often placed at ISP access points, processing the aggregate requests from the customers.
Surrogates (reverse proxies): proxies frequently are deployed as surrogates at the edge of the network, in front of web servers.
Network Exchange Proxy: proxies can be placed in the Internet peering exchange points between networks.
Proxies can be cascaded in chains.
Modify the client: configure the client to use proxy;
Modify the network: configure the router to intercept and redirect traffic to the proxy;
Modify the DNS namespace: configure the proxy to be the web server;
Modify the web server: web server redirects the request to proxy.
Some tricky and much misunderstood aspects of proxy server requests.
When the client is not set to use a proxy, it sends the partial URI.
When the client is set to use a proxy, it sends the full URI.
Virtually hosted web servers share the same physical web server among many web sites.
When a request comes in for the partial URI /index.html, the virtually hosted web server needs to know the hostname of the intended web site.
Explicit proxies solve the problem by requiring a full URI in the request message.
Virtually hosted web servers require a Host header to carry the host and port information.
The client will not know it is talking to a proxy.
General-purpose proxy servers should support both full URIs and partial URIs in request messages.
Rules:
If a full URI is provided, the proxy should use it.
If a partial URI is provided, and a Host header is present, the Host header should be used to determine the origin server name and port number.
If a partial URI is provided, and there is no Host header, the origin server needs to be determined in some other way:
If the proxy is a surrogate, standing in for an origin server, the proxy can be configured with the real server's address and port number.
If the traffic was intercepted, and the interceptor makes the original IP address and port available, the proxy can use the IP address and port number from the interception technology.
If all else fails, the proxy doesn't have enough information to determine the origin server and must return an error message.
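The rules above written as a resolver. This is an added example, not code from the original notes: `resolve_origin`, `OriginUnknown` and the argument names are hypothetical, and the default port of 80 for a Host header without a port is an assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class OriginUnknown(Exception):
    """No rule identified an origin server; the proxy must return an error."""


def _host_port(netloc, default_port):
    # urlsplit parses "host", "host:port" and bracketed IPv6 literals.
    try:
        parts = urlsplit("//" + netloc)
        host, port = parts.hostname, parts.port
    except ValueError as exc:  # non-numeric or out-of-range port, bad brackets
        raise OriginUnknown("malformed host: %r" % netloc) from exc
    if not host:
        raise OriginUnknown("malformed host: %r" % netloc)
    return host, port or default_port


def resolve_origin(target, headers, surrogate_origin=None, intercepted_dst=None):
    """Apply the rules in order; return (host, port, rule_that_matched)."""
    try:
        uri = urlsplit(target)
    except ValueError as exc:
        raise OriginUnknown("malformed request target: %r" % target) from exc
    # Rule 1: a full URI in the request line is used, whatever Host says.
    # A URL inside the query string of a partial URI does not count.
    if uri.scheme and uri.netloc:
        if uri.scheme not in DEFAULT_PORTS:
            raise OriginUnknown("unsupported scheme: %r" % uri.scheme)
        return _host_port(uri.netloc, DEFAULT_PORTS[uri.scheme]) + ("full-uri",)
    # Rule 2: partial URI plus Host header (header names are case-insensitive).
    host = next((v.strip() for k, v in headers if k.lower() == "host"), None)
    if host:
        # Assumption: this listener speaks plain HTTP, so the default port is 80.
        return _host_port(host, 80) + ("host-header",)
    # Rule 3a: a surrogate is configured with the real server's address and port.
    if surrogate_origin:
        return tuple(surrogate_origin) + ("surrogate-config",)
    # Rule 3b: intercepted traffic carries the original destination IP and port.
    if intercepted_dst:
        return tuple(intercepted_dst) + ("intercepted-destination",)
    # Rule 4: nothing identifies the origin server.
    raise OriginUnknown("partial URI, no Host header, no fallback")
```

Logging the third element of the result alongside each forwarded request shows which rule chose the upstream, which helps when auditing requests whose request line and Host header disagree.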
Proxy servers need to be very careful about changing the request URI as they forward messages.
A request may go through many proxies, and sometimes we need to know which proxies a message went through.
The Server response header field describes the software used by the origin server.
The TRACE method is just like traceroute.
Max-Forwards limits the number of proxy hops for TRACE and OPTIONS requests.
If a proxy is unfamiliar with a method, it should try to forward the message to the next hop, if possible.
The OPTIONS method lets a client discover the supported functionality of a web server or of a particular resource on a web server.
The Allow entity header field lists the set of methods supported by the resource identified by the request URI, or the entire server if the request URI is *.