web proxies

1

3

Web Proxies

Web Protocols and Practice

2

Topics


WEB PROXIES

Web Proxy Definition Three of the Most Common Intermediaries Classification of Proxies Gateway to non-HTTP Systems Filtering Request and Responses Request-Response Exchange with a Proxy Handling HTTP Requests and Responses Proxy Chaining and Hierarchies Proxy Configuration Proxy Privacy Issues Other kinds of Proxies

3

Web Proxy Definition


WEB PROXIES

A Web proxy is an intermediary program that could be on the same machine or on a machine different form where the request originated.

A Web proxy acts on behalf of a set of clients in communication with servers.

A proxy acts as a server to clients and as a client to other proxies or origin servers.

4

Web Proxy Definition


WEB PROXIES

A Web proxy is used for Sharing of resource access Caching of responses Anonymization Transformation of requests and responses Filtering requests/responses

5

Three of the Most Common Intermediaries


WEB PROXIES

Three of the most common intermediaries are Proxy

» An intermediary program which acts as both a server and a client for the purpose of forwarding requests.

Gateway» A server that typically acts as an intermediary for a

non-HTTP server such as a mail or FTP server. Tunnel

» An intermediary program that relays bits between two connections and acts at the syntactic level, unlike a proxy or gateway; it does not parse or interpret the HTTP message following through it.

6 Web Protocols and Practice

WEB PROXIES

B

A

A

Client 1

Client 2

Client 3GET A

GET A

GET B

Proxy Server 2

Server 1

GET B

GET A

Figure 3.1. Proxy as an intermediary between a client and an origin server


WEB PROXIES

Figure 3.1 demonstrates a proxy playing the role of client and server. Client 1’s request for resource B being forwarded by the proxy to server 1 and the response returned to the client. This response is not cached. The request from client 2 for resource A is forwarded to server 2, but the response is cached in the proxy and returned to the client. Now, when client 3 requests for resource A, the request is not forwarded by the proxy; instead a cached copy of resource A is returned to client 3.

8

Classification of Proxies


WEB PROXIES

Proxies can be divided to: Caching proxy

» Proxies that have caches associated with them. Transparent proxy

» Proxies that do not modify messages as they flow through them.

9

Gateway to non-HTTP Systems


WEB PROXIES

A proxy can play the role of an intermediary like gateway to other systems that communicate using non-HTTP.

In communicating between a Web client and a FTP server, proxy acts as a gateway, because the client and server do not speak the same protocol (Figure 3.2).


WEB PROXIES

F

A

Client 1

Client 2

Client 3 GET mail resource M

GET A

GET ftp-resource F

Proxy Mail server

FTP server

Figure 3.2. Proxy acting as a gateway to FTP,HTTP, and mail servers

A

F

HTTP server

M


WEB PROXIES

Figure 3.2 shows how an proxy acts as a gateway to an FTP and mail server while also playing the role of an HTTP proxy.

A Web client sends a request to an FTP server via a proxy. The request to the proxy is a regular HTTP request. The proxy first converts the Web client’s request into an FTP request. Similarly, the proxy can act as a gateway to a mail server and obtain a mail resource M. The proxy would return the file to the Web client in the form of an HTTP response.

12

Filtering Requests and Responses


WEB PROXIES

A proxy filters improper requests and responses based on

Destination sites Characteristics (response size) Performance Security

13

Request-Response Exchange with a Proxy


WEB PROXIES

A proxy can play the role in handling HTTP requests and responses. Various steps involved when a proxy is present in the path of a request from a browser to an origin server (Figure 3.3).


WEB PROXIES

Figure 3.3. Steps in a browser process with proxy in the path

URL

BrowserDNS server

Origin server

Proxy

1 DNS query

4

DN

S query

2 TCP connection

3 HTT Request

8 HTTP Response

9 optional parallel connection

5 TCP connection

6 HTT Request

7 HTTP Response

10 optional parallel connection


WEB PROXIES

Figure 3.3 shows that upon the user’s selection of a URL, the browser does the Domain Name System (DNS) lookup of the proxy and then sets up a TCP connection to the proxy (steps1 and 2). The HTTP request form the browser (step 3) triggers the proxy to do the DNS lookup of the origin server (step4). The proxy sets up a TCP connection to the origin server and then sends the HTTP request to the origin server (steps 5 and 6). The response from the origin server is sent back to the proxy, which forwards it to the browser (steps 7 and 8). The browser might set up optional parallel connections to the proxy, and the proxy may set up its own optional parallel connections to the origin server (steps 9 and 10).

16

Handling HTTP Requests and Responses


WEB PROXIES

A proxy must be able to abide by several requirements like:

Syntactic requirements Semantic requirements

17

Syntactic Requirements


WEB PROXIES

Syntactic requirements typically concern headers that a proxy add to messages and modifications of existing headers.

18

Semantic Requirements


WEB PROXIES

The semantic requirements include proper handling of requests and responses and obeying the constraints on returning cached responses.

19

Handling HTTP Requests and Responses


WEB PROXIES

The various requirements (syntactic and semantic) fall into the following categories:

Identification Version number change Adding obligatory information about the resource Semantic neutrality Handling delays and buffering State maintenance and policy issues Practical implementation issues Handling cookies

20

Proxy Chaining and Hierarchies


WEB PROXIES

A user’s request and origin server’s response may travel through several proxies chained together. (Figure 3.4)

A set of proxies within an organization may be connected in a hierarchy. A regional proxy may be connected to other regional proxies, which in turn may be connected to a national proxy. This way is useful for reducing

Communication costs Communication latency

21

Client Proxy-1 Proxy-2 Proxy-nOrigin Server


Figure 3.4. Proxy chain on the Web


WEB PROXIES

Figure 3.4 shows that a message form a user agent may traverse through multiple servers before it reaches the origin server. Often, rather than a simple linear pipeline, the intermediate servers have other servers connected to them as well on both sides.

23

Proxy Configuration


WEB PROXIES

A user can configure a browser to set various physical and semantic attributes.

In the case of proxies, end users do not have any influence in changing configuration information associated with a proxy such as its cache size or frequency of revalidation.

24

Proxy Privacy Issues


WEB PROXIES

A proxy is aware of many details that affects the privacy of the user.

A proxy is viewed as a trusted intermediary. To keep user’s privacy, a proxy must act as a

tunnel and providing end-to-end encryption.

25

Other kinds of Proxies


WEB PROXIES

Reverse proxies Proxies had to be positioned closer to the origin

server to » Reduce the load on servers» Prevent the origin server from being vulnerable » Balance the load between the set of servers» Access to origin servers behind a firewall

26

Other kinds of Proxies


WEB PROXIES

Interception proxies A proxy that either directly examines network

traffic and intercepts Web traffic or receives redirected traffic flow from network elements performing traffic interception.

Interception proxies were called Transparent proxies in the industry.

web proxies

Documents

responsesweb protocols

practicetopicsweb protocols

proxyweb protocols

webweb protocols

hierarchiesweb protocols

practiceweb proxiesgateway

practiceweb proxiesthree

practiceweb proxiesclientproxy