WAN Optimization Caching / Proxy
A proxy server (sometimes called an application level gateway) is a computer system or an application that acts as a conduit between the LAN and the Internet or WAN. It receives requests from clients seeking a variety of information. It evaluates the information requested, applies rules set up in the server and if validated, will obtain the information from the source and hand it over. The method of filtering may be based on IP address or protocol. Thus, the proxy server, acting as a go between prevents direct access between networks. By playing this function, the proxy server makes it nearly impossible for a hacker to obtain internal addresses and details of the internal network.
Sometimes, a proxy server may alter a client request or the response of a server or it may serve the request without contacting a specific server. In such cases, the proxy server is caching a response from a server and distributing it directly when it receives an identical subsequent request. A proxy server that passes responses and requests without modification are called gateway or tunneling proxy servers.
Proxy servers typically are a group of applications or servers that block many common internet services. A SMTP proxy server intercepts email while a HTTP proxy server deals with web access. The proxy server, uses an addressing scheme gives a single company wide IP address to the internet. It handles responses by funneling them to the correct user. While a proxy restricts outside access to the internal network, it can also be set-up to prevent inside access to certain websites. Oftentimes, proxy servers are a part of a firewall. A proxy server can be placed at many points of a network. Sometimes they are installed on the users local computer or in a place between the user and the Internet.
Awhile the functionality seems the same, a proxy server is very different form a NAT device. A Nat device transparently changes the originating IP address of traffic coming through before it passes it on to the Internet, while a proxy receives the request on behalf of a client, retrieves information and passes it back to the requestor. In the OSI model, a proxy server works on the transport layer level (level 4) while the NAT works on the network layer (Layer 3)
Categories of Proxy Servers
Forward Proxy Server – the client names the target and the proxy directly passes on the request. Forward proxy servers have the ability to retrieve information from an almost limitless variety of resources.
Open Proxies – An open proxy server is a type of forwarding server that can be accessed by anyone from the Internet. There are literally hundreds of thousands of these servers spread across the Internet. These types of proxies are oftentimes used to conceal IP address while browsing the web or using Internet services. However, anonymity is not assured because there are techniques that can be used to trick the client into disclosing the IP address.
Reverse Proxies – This is a surrogate proxy that appears as an ordinary server. The reverse proxy forwards all requests to one or more servers but sends responses out as though it came from the proxy server.
Some of the many reasons for installing a reverse proxy server are:
- Load balancing – the reverse proxy can balance the load among many web servers with each serving its own application. In this scenario, the reverse proxy server is needed to rewrite URLs in each web page.
- SSL Acceleration/Encryption – accessing secure web sites need SSL encryption that is not done by the web server. A reverse proxy running SSL acceleration hardware is required. A reverse proxy server can provide a single SSL proxy to any number of hosts. This negates the need for separate SSL server certificates for each host. The disadvantage in this technique is that all hosts behind the SSL Proxy will have to share a common DNS name or IP address for connections.
- Cache Static Content – A reverse proxy server can cache static content such as pictures etc thus offloading web servers
- Compression – a reverse proxy server can compress and optimize data that will speed up load times.
- Spoon feeding – some clients are slow. Reverse proxy servers can reduce resource usage by spoon feeding content it to the client at a rate it can accept.
- Security – the reverse proxy server adds another layer of security. They can prevent some types Web server and OS targeted attacks.
Proxy Servers – Uses
Filtering – this is a content filtering proxy server allows for administrative control over content that passes through the proxy server. The proxy server ensures that content requested and delivered meets the standard of the acceptable use policy in force. This use of proxy servers is common in public, private, commercial and non commercial establishments. These proxy servers support user authentication, produce logs of URLs visited to keep track of user surfing or in cases to monitor bandwidth uses.
Colleges and universities, schools, work places, government institutions and other entities use this technique to limit web sites visited and on line services.
Caching – these proxy servers reduce the time taken to respond to requests. A web caching server sits between a client and multiple web servers and handles requests but during this process they save copies of the request such as images, files, HTML etc. The next time a similar request is made, the caching proxy server complies by handing out a saved or chached copy rather than going back to the web server. This saves time and reduces loads on the web server. Caching proxy servers are used for the following reasons:
- Latency reduction – because the request is handled by the proxy server, the response is faster thus reducing RTT
- Reduction in Network traffic – since cached material is used multiple times, it reduces bandwidth needed by clients
Cashing Types - web proxy caching servers have copies of prior client requests stored in their caches. Thus they can serve hundreds of thousands of users instantaneously instead of making the request of a web server and then passing the information along. These are often set upo in the firewall itself or may be stand alone devices.
Since cashing proxy servers are not a part of either the client or origin server, but reside outside the network, requests have to be routed to them. A common method to this is through the use interception. Web requests are rerouted to the caching proxy server by the network itself so that clients do not have to be configured to direct the request to caching proxy server.
Caching proxy servers are shared by a large number of users. Due to this, they reduce latency and network congestion through reduction in traffic.
Gateway caches are commonly called reverse proxy caches or surrogate caches. Gateway caches are intermediaries. Instead of being deployed by network admins, webmasters deploy them to make sites perform better, scalable and reliable. Server load balancers are used to make these intermediaries look like origin servers to clients.
If a website is well planned and cached, the site will load faster making the user experience pleasant. This also reduces the load on your server and link. Large corporations spend millions of dollars annually setting up server farms around the world to replicate their content. This makes access faster for their users.
Web Caches – how do they work?
All caching proxy servers adhere to a set of rules that determines when they fulfill a request and how. Some of these rules are protocol based (HTTP 1.0, 1.1) and some set by the administrator. Common rules are:
- If the header of the response instructs the cache not to cache, then it will not.
- An authenticated request such as HTTPS will not be cached
- To ensure only up to date material is sent out, cached material usually has an age controlling header
- If cached material falls outside the age limit, the origin server is asked to validate it or refresh.
DNS Proxy Servers
The purpose of a DNS (Domain Name Server) is to translate IP addresses into domain names or vice versa. A DNS Proxy server forwards DNS queries an Internet Domain Name Serve.
Proxy Implementations
Web Proxy
The function of a web proxy server is to pass on http protocol requests just like any other proxy server. But a web proxy server accepts target URLs within the clients browser window, processes the request and displays content within the client browser itself.
Suffix Proxy
These proxy servers were used to by pass filtering systems. However, with the advent of better filtering techniques, the use of these types of proxy servers have reduced.
Transparent Proxy
A transparent proxy is commonly called intercepting or forced proxy. This proxy server intercepts normal communication without requiring any special client configuration. Clients will not be aware of this proxy. The transparent proxy performs the functions of a router or gateway and is located between the client and the internet.
