Intercepting proxy server

Intercepting proxy combines a proxy server with a gateway or router (usually with NAT capabilities). Connections made by client browsers through gateway will be used for the proxy without client-side configuration (or often knowledge). Connections can also be diverted from a SOCKS server or proxies other circuit-level.

Intercepting proxies are also commonly known as “transparent” proxies, or “forced” proxies, presumably due to the existence of the proxy is transparent to the user, or the user is forced to use the proxy regardless of the locale.

Purpose

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease the administrative burden, since no client browser configuration is required. The second reason however, is mitigated by features such as Group Policy in Active Directory or DHCP and automatic detection of proxy.

Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching. This is more common in countries where bandwidth is limited (eg, island nations) or must be paid.

Some Known Issues

The diversion / interception of a TCP connection creates several problems. First, the original IP and port of destination must somehow be communicated to the proxy. This is not always possible (for example, when the proxy gateway and be in different machines). There is a kind of cross site attacks that rely on some practices of intercepting proxies that do not make or have access to information on the original (intercepted) destination. This problem can be solved by using an integrated package of standard and application-level device or software that is then able to communicate this information between the controller and proxy package.

Intercept also creates problems for HTTP authentication, specifically oriented to the connection as NTLM authentication because the client browser thinks he is talking to a server instead of a proxy. This can cause problems in an intercepting proxy requires authentication, the user connects to a site that also requires authentication.

Finally intercept connections may cause problems to the HTTP caches, as some requests and responses become uncacheble by a shared cache.

Therefore intercept connections is generally discouraged. however, due to the simplicity of the implementation of such systems, which are widely used.

Detection

It is often possible to detect the use of a proxy server to intercept by comparing the external address of the client IP address seen by an external web server, or sometimes by examining the HTTP headers received by a server. A number of sites have been created to address this problem, to inform the user’s IP address.

Beware From Hostile proxy

Proxies may also be installed to listen to the flow of data between client computers and the web. All pages visited and all forms submitted, can be captured and analyzed by the proxy operator. For this reason, passwords to online services such as mailing info, credit card  and anything related to banking should always be exchanged via a industry standard cryptographically secure connection  SSL.

Anonymizing proxy server

By using anonymous proxy server a person cannot be identified online,anonymous proxy server generally attempts to anonymize web surfing. There are different kinds of anonymizers. One of the most common form is the open proxy. Because they are typically difficult to trace, open proxies are especially useful for those seeking anonymity  online, such as political prisoners and cybercriminals. Some users are only interested in anonymity for security, hiding their identities from potentially malicious web sites, or in principle to provide the constitutional rights of freedom of expression, . The server receives requests from the proxy server anonymous, and therefore receives no information on the direction of the end user. However, the requests are not anonymous to anonymous proxy server, and thus a degree of trust is present between the server and the user. Many are financed through a continuous link advertising to the user.

Content-filtering web proxy

Content-filtering web proxy server provides administrative control over the content that can be transmitted through the proxy. It is commonly used in both commercial organizations and non-commercial  to ensure that Internet usage adapts to the policy of acceptable use. In some cases, users can bypass the proxy, as there are services designed to proxy information from a website filtered through an unfiltered site that can be submitted via the proxy users.

Some common methods used for content filtering include: URL or DNS blacklists, URL regex filtering, MIME filtering, or keyword content filtering. Some products have been known to employ content analysis techniques to look for traits commonly used by certain types of content providers.

A content filtering proxy often support user authentication to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor statistics of bandwidth usage. You can also contact the daemon based and / or antivirus software based on the ICAP to provide security against viruses and other malware by scanning incoming content in real time before entering the network.

Web proxy

The most common use of a web proxy is to serve as a Web cache. Most proxy programs provide a means to deny access to URL specified in a blacklist, thus providing content filtering. This is often used in a corporate environment, education or library, and in any other place where content filtering is desired. Some web proxies reformat web pages for a specific purpose or audience, such as for mobile phones and PDAs.

Caching proxy server

Caching proxy server accelerates service requests by gathering content saved from a previous request made by the same client or even other clients. The caching proxy to maintain local copies of frequently requested resources, allowing the big stores to significantly reduce their consumption of upstream bandwidth and cost, while significantly increasing performance. Most ISPs and large enterprises have a proxy cache. These machines are built to deliver excellent performance file system (often with RAID and the newspaper) and also contains hot-rodded versions of TCP., Should be noted that the proxy cache was the first type of proxy server.

Another important use of the proxy server is to reduce the cost of hardware. An organization may have many systems on the same network or under the control of a single server, it prohibits the possibility of a single Internet connection for each system. In this case, individual systems can be connected to a proxy server and proxy server connected to the server.

Proxy Server Explained

A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client’s request or the server’s response, and sometimes it may serve the request without contacting the specified server. In this case, it ‘caches’ responses from the remote server, and returns subsequent requests for the same content directly.

A proxy server has many potential purposes, including:

  • To keep machines behind it anonymous (mainly for security).
  • To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
  • To apply access policy to network services or content, e.g. to block undesired sites.
  • To log / audit usage, i.e. to provide company employee Internet usage reporting.
  • To bypass security/ parental controls.
  • To scan transmitted content for malware before delivery.
  • To scan outbound content, e.g., for data leak protection.
  • To circumvent regional restrictions.

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user’s local computer or at various points between the user and the destination servers on the Internet.

A reverse proxy is (usually) an Internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.