Proxy

Proxy

It works as an intermediary between two identical protocols.

Instead of Layer-3 gateways, proxy can also see the full stream of data, analyze HTTP headers and implement new functions. The main possible functions are:

Caching

It's used to reduce traffic directed to the server. The proxy does the most expensive job, managing all the requests of the same page of the server. After the request of the page for the first time, the proxy asks the page to the server and then stores in its system, before replying.

Hence the next clients requests of the same page will be manage only by proxy because the page was already stored in its system. In this case the server needs to manage only a request by proxy and provide a response to proxy.

Caching without proxy

Caching with proxy

Filtering

The proxy can do two actions:

• Filtering the requested resource by the client there are many companies that doesn't give access to some services (E.g. no access to Facebook, Youtube, ...). We cannot use a filtering approach at lower levels because in some cases clients can access to services through intermediate addresses, different from the one we want to reach. Hence we need to analyze the HTTP request at upper layer

• Filtering the content of the response for example for parent control approach

Web Application Firewall (WAF)

The proxy is specialized and used to block suspicious requests. This is done by analyzing request content, looking for not secure pattern.

A possible pattern can be ".." in the path of the resource, that could give access to not accessible part of the File System (injection). Another possible pattern could be a suspicious parameter for a web application to manage SQL database (SQL injection).

Load Balancing

The proxy is a load balancer for the clients requests to the server.

There are many servers to manage requests by client. The client makes the request of the web page but in the reality it's talking with the proxy, that manage the request by sending it to a particular server. This action is repeated for each client's request. Hence the client thinks that is talking to one server but in reality, the proxy distribute the requests among several servers.

Types of Proxies

1. HTTP Proxy

   • Description: The most common proxies used to manage HTTP (HyperText Transfer Protocol) traffic.

   • Intercepted Traffic: Only HTTP traffic, meaning requests and responses from a web browser.

   • Additional Features:

     • Caching to improve browsing speed.

     • Content filtering to block unwanted websites.

     • Logging of HTTP requests to monitor traffic.

2. HTTPS Proxy (SSL Proxy)

   • Description: Similar to HTTP proxies, but capable of handling HTTPS (secure HTTP) traffic.

   • Intercepted Traffic: HTTPS (secure HTTP) traffic, which is encrypted. The HTTPS proxy can "intercept" the traffic by decrypting the communication between the client and the server.

   • Additional Features:

     • Filtering and logging of HTTPS traffic.

     • Intercepting HTTPS content (for example, to monitor the use of secure websites).

3. SOCKS Proxy (SOCKS5)

   • Description: SOCKS proxies are more versatile than the previous proxies as they support a wide range of network protocols. The most common is SOCKS5, which supports both TCP and UDP.

   • Intercepted Traffic: Can intercept traffic from any protocol that uses TCP or UDP, including:

     • Web browsing (HTTP/HTTPS).

     • P2P (Peer-to-Peer).

     • FTP traffic.

     • Email (SMTP, POP3, IMAP).

     • Online gaming traffic and other services using UDP.

   • Additional Features:

     • Advanced privacy, as traffic is not manipulated in detail like HTTP or HTTPS proxies.

     • Ability to manage non-web traffic (e.g., torrenting, online games, VoIP).

4. Transparent Proxy

   • Description: Transparent proxies are invisible to the client. A transparent proxy is often used for caching and content filtering at the network level or for traffic analysis.

   • Intercepted Traffic: All traffic passing through the network, with no specific configuration required from the user. It's commonly used for filtering and monitoring.

   • Additional Features:

     • Content caching to reduce bandwidth usage.

     • Monitoring and filtering of requests.

     • Primarily used in business or school environments.

5. Reverse Proxy

   • Description: A reverse proxy is configured to accept requests from external clients and forward them to an internal server, masking the internal server behind the proxy. It is mainly used to distribute traffic to web servers, improve security, and manage load balancing.

   • Intercepted Traffic: Incoming traffic (client to server). Used to balance traffic across multiple servers or to hide the backend infrastructure.

   • Additional Features:

     • Load balancing.

     • Additional security by hiding the true identity of internal servers.

     • Caching and content optimization.

---

Types of Traffic Interceptable by Proxies

1. HTTP and HTTPS Traffic

   • HTTP: Classic web traffic, without encryption.

   • HTTPS: Encrypted traffic, which is "decrypted" by HTTPS proxies, allowing them to monitor and filter content even on secure connections.

2. TCP/UDP Traffic

   • SOCKS proxies can intercept all types of traffic based on TCP and UDP, including services such as:

     • FTP (File Transfer Protocol).

     • VoIP (Voice over IP).

     • P2P (Peer-to-Peer), such as torrents.

     • Online gaming and other services using UDP.

3. DNS Traffic

   • Proxies can also manage DNS (Domain Name System) traffic. For example, a DNS proxy or DNS resolver can intercept DNS requests, for instance, to block unwanted sites or log requests.

4. Email Traffic

   • Proxies can also monitor SMTP (Simple Mail Transfer Protocol) and POP3/IMAP email traffic for email control. This is mainly done in business contexts to filter unwanted emails or monitor email traffic.

5. VPN Traffic

   • A proxy can intercept VPN traffic, but depending on the type of VPN (e.g., OpenVPN), it may not be able to decrypt the data unless it's specifically configured to do so.

6. P2P and BitTorrent Traffic

   • SOCKS5 proxies are used to intercept and route P2P and BitTorrent traffic, which often passes through UDP ports, not always easily monitored by simpler proxies.

---

Upstream Proxy

An upstream proxy is a proxy that sits "upstream" from the main proxy or the server you're trying to connect to. It is a proxy that receives requests from another proxy or client and forwards them to an end server.

Characteristics of an Upstream Proxy

• Function: It sits between the client and the end server, acting as an intermediary to send the request to another proxy server or the destination server.

• Common Usage: Upstream proxies are often used in cascading proxy setups, where one proxy sends requests to another proxy that then forwards the request to the end server. This is useful, for example, when you want a centralized proxy to manage requests from multiple users.

• Position in the Network: An upstream proxy can be used to improve traffic management or implement security and traffic control policies.

Example of Use

• A client sends a request to a proxy (the main proxy).

• The main proxy sends the request to an upstream proxy.

• The upstream proxy then forwards the request to the destination server (e.g., the website you're trying to visit).

Downstream Proxy

A downstream proxy is the opposite of an upstream proxy: it is a proxy that sits "downstream" from the main proxy, meaning it is the proxy that receives traffic or requests that have already passed through other proxies or servers. This proxy acts as a "final destination" for traffic that has passed through other network devices.

Characteristics of a Downstream Proxy

• Function: It sits between the main proxy and the end server, managing responses from destination servers and forwarding them to the final client.

• Common Usage: It is used when advanced caching solutions are needed or to monitor and filter outgoing traffic.

• Position in the Network: A downstream proxy can also be used to manipulate traffic coming from upstream proxies or other sources before it is sent to the client.

Example of Use

• A client sends a request to a main proxy.

• The request passes through an upstream proxy, which sends it to the destination server.

• The response from the destination server is sent to the downstream proxy, which then forwards it to the final client.

Difference Between Upstream and Downstream Proxy

• Upstream proxy: Manages outgoing traffic from a proxy and forwards it to another server or proxy.

• Downstream proxy: Manages incoming traffic from a server and forwards it to the client.

Example Network Architecture with Upstream and Downstream Proxy

In a complex network, there may be a setup with multiple cascading proxies where upstream and downstream proxies work together to manage traffic:

1. Client: Makes a request to visit a website.

2. Local Proxy (Upstream): The client connects to a proxy, which might be configured to send traffic to a higher-level proxy or central server.

3. Central Proxy: This proxy could be configured to apply security or filtering policies and then forward the request to an upstream proxy (another proxy server).

4. Downstream Proxy: Once the request is fulfilled by the destination server, the response can be sent to the downstream proxy, which finally forwards it to the client.