Also called a "proxy," it is a computer system or router that breaks the connection between sender and receiver. Functioning as a relay between client and server, proxy servers help prevent an attacker from invading a private network and are one of several tools used to build a firewall.
The word proxy means "to act on behalf of another," and a proxy server acts on behalf of the user. All requests from clients to the Internet go to the proxy server first. The proxy evaluates the request, and if allowed, re-establishes it on the outbound side to the Internet. Likewise, responses from the Internet go to the proxy server to be evaluated. The proxy then relays the message to the client. Both client and server think they are communicating with one another, but, in fact, are dealing only with the proxy.
Address Translation and Caching
The proxy server is a dual-homed host with two network interfaces and two IP addresses. The IP address on the outbound side of the proxy is the one the Internet sees, and the address of the machine making the request is hidden from the outside world. Proxies are often used in conjunction with network address translation (NAT), which hides all the IP addresses of the client machines on the internal network. Proxy servers may also cache Web pages, so that the next request for that same page can be obtained much faster locally. See NAT and proxy cache.
Anonymous proxy servers let users surf the Web and keep their IP address private (see anonymous proxy). Although not specifically called a proxy, Internet e-mail (SMTP) is a similar concept because it forwards mail. Messages are not sent directly from client to client without going through the mail server. Likewise, the Internet's Usenet news system (NNTP) forwards messages to neighboring servers. See firewall.
Application Level and Circuit Level
Proxy servers are available for common Internet services; for example, an HTTP proxy is used for Web access; an FTP proxy is used for file transfers. Such proxies are called "application-level" proxies or "application-level gateways," because they are dedicated to a particular application and protocol and are aware of the content of the packets being sent. A generic proxy, called a "circuit-level" proxy, supports multiple applications. For example, SOCKS is IP-based circuit-level proxy server software that supports TCP and UDP applications (see SOCKS).
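The difference in what each proxy type can evaluate is shown in the following added example, which is not part of the original entry. The host names, ports, methods and file suffixes in the policy are constructed assumptions, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed policy for illustration; every value here is an assumption.
ALLOWED_ENDPOINTS = {("intranet.example", 80), ("files.example", 80)}
ALLOWED_METHODS = {"GET", "HEAD"}
BLOCKED_SUFFIXES = (".exe", ".scr")


def circuit_level_decision(dest_host, dest_port):
    """Circuit-level view: only the destination endpoint is visible."""
    return (dest_host.lower(), dest_port) in ALLOWED_ENDPOINTS


def application_level_decision(request_line):
    """Application-level (HTTP) view: parse the request and inspect its content."""
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return (False, "malformed request line")
    method, target, _version = parts
    try:
        url = urlsplit(target)
        port = url.port          # raises ValueError on a non-numeric port
    except ValueError:
        return (False, "invalid request target")
    # A forward HTTP proxy expects an absolute URI, not just a path.
    if url.scheme != "http" or not url.hostname:
        return (False, "not an absolute http:// URI")
    if port is None:
        port = 80
    # The endpoint check is the same one a circuit-level proxy would make.
    if not circuit_level_decision(url.hostname, port):
        return (False, "destination not allowed")
    # Everything below needs protocol awareness.
    if method not in ALLOWED_METHODS:
        return (False, "method not allowed")
    if url.path.lower().endswith(BLOCKED_SUFFIXES):
        return (False, "blocked file type")
    return (True, "ok")


if __name__ == "__main__":
    for line in ("GET http://files.example/report.pdf HTTP/1.1",
                 "PUT http://files.example/report.pdf HTTP/1.1",
                 "GET http://files.example/setup.exe HTTP/1.1"):
        print(line, "->", application_level_decision(line))
```

All three sample requests go to an endpoint the circuit-level check accepts; only the application-level check can tell them apart.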
Forward and Reverse Proxies
In this definition, the proxy servers are used to hide the details of the clients from the servers and are thus known as "forward proxies." However, they can also reside at the Web site to hide the details of the servers from the clients (see reverse proxy).
In this LAN server illustration, the proxy server sits between two routers in what is known as a "demilitarized zone." See