Professional Documents
Culture Documents
Proxy server
1
From Wikipedia, the free encyclopedia Proxy server
to deny access to certain URLs in a blacklist, Because they are typically difficult to track,
thus providing content filtering. This is often open proxies are especially useful to those
used in a corporate, educational or library seeking online anonymity, from political dis-
environment, and anywhere else where con- sidents to computer criminals. Apart from
tent filtering is desired. Some web proxies re- these minorities, the majority of anonymity
format web pages for a specific purpose or aficionados will be disappointed by the spam-
audience (e.g., cell phones and PDAs). ming they’ll receive from "free" proxy
AOL dialup customers used to have their services.
requests routed through an extensible proxy Access control: Some proxy servers im-
that ’thinned’ or reduced the detail in JPEG plement a logon requirement. In large organ-
pictures. This sped up performance but izations, authorized users must log on to gain
caused problems, either when more resolu- access to the web. The organization can
tion was needed or when the thinning pro- thereby track usage to individuals.
gram produced incorrect results. This is why Some anonymizing proxy servers may for-
in the early days of the web many web pages ward data packets with header lines such as
would contain a link saying "AOL Users Click HTTP_VIA, HTTP_X_FORWARDED_FOR, or
Here" to bypass the web proxy and to avoid HTTP_FORWARDED, which may reveal the
the bugs in the thinning software. IP address of the client. Other anonymizing
proxy servers, known as elite or high an-
Content-filtering web proxy onymity proxies, only include the
Further information: Content-control REMOTE_ADDR header with the IP address
software of the proxy server, making it appear that the
A content-filtering web proxy server provides proxy server is the client. A website could
administrative control over the content that still suspect a proxy is being used if the client
may be relayed through the proxy. It is com- sends packets which include a cookie from a
monly used in commercial and non-commer- previous visit that did not use the high an-
cial organizations (especially schools) to en- onymity proxy server. Clearing cookies, and
sure that Internet usage conforms to accept- possibly the cache, would solve this problem.
able use policy. However often times mem-
bers who disagree with the policy will revolt Hostile proxy
by dowloading and using their own proxy. Proxies can also be installed in order to
Some common methods used for content eavesdrop upon the dataflow between client
filtering include: URL or DNS blacklists, URL machines and the web. All accessed pages, as
regex filtering, MIME filtering, or content well as all forms submitted, can be captured
keyword filtering. Some products have been and analyzed by the proxy operator. For this
known to employ content analysis techniques reason, passwords to online services (such as
to look for traits commonly used by certain webmail and banking) should always be ex-
types of content providers. changed over a cryptographically secured
A content filtering proxy will often support connection, such as SSL.
user authentication, to control web access. It
also usually produces logs, either to give de- Intercepting proxy server
tailed information about the URLs accessed An intercepting proxy (also known as a
by specific users, or to monitor bandwidth us- "transparent proxy") combines a proxy server
age statistics. It may also communicate to with a gateway. Connections made by client
daemon based and/or ICAP based antivirus browsers through the gateway are redirected
software to provide security against virus and through the proxy without client-side config-
other malware by scanning incoming content uration (or often knowledge).
in real time before it enters the network.. Intercepting proxies are commonly used in
businesses to prevent avoidance of accept-
Anonymizing proxy server able use policy, and to ease administrative
An anonymous proxy server (sometimes burden, since no client browser configuration
called a web proxy) generally attempts to an- is required.
onymize web surfing. There are different It is often possible to detect the use of an
varieties of anonymizers. One of the more intercepting proxy server by comparing the
common variations is the open proxy. external IP address to the address seen by an
2
From Wikipedia, the free encyclopedia Proxy server
external web server, or by examining the prohibits caching of responses where the re-
HTTP headers on the server side. quest contained an authorization header.
3
From Wikipedia, the free encyclopedia Proxy server
4
From Wikipedia, the free encyclopedia Proxy server
system as a proxy server for which the other encrypted with https. The web filter cannot
clients use to access the original proxy serv- distinguish these transactions from, say, a le-
er, consequently altering their access gitimate access to a financial website. Thus,
privileges. content filters are only effective against un-
sophisticated users.
Content filter A special case of web proxies is "CGI prox-
Many work places, schools, and colleges re- ies". These are web sites that allow a user to
strict the web sites and online services that access a site through them. They generally
are made available in their buildings. This is use PHP or CGI to implement the proxy func-
done either with a specialized proxy, called a tionality. These types of proxies are fre-
content filter (both commercial and free quently used to gain access to web sites
products are available), or by using a cache- blocked by corporate or school proxies. Since
extension protocol such as ICAP, that allows they also hide the user’s own IP address from
plug-in extensions to an open caching the web sites they access through the proxy,
architecture. they are sometimes also used to gain a de-
Requests made to the open internet must gree of anonymity, called "Proxy Avoidance".
first pass through an outbound proxy filter.
The web-filtering company provides a data- Suffix proxy
base of URL patterns (regular expressions) A suffix proxy server allows a user to ac-
with associated content attributes. This data- cess web content by appending the name of
base is updated weekly by site-wide subscrip- the proxy server to the URL of the requested
tion, much like a virus filter subscription. The content (e.g. "en.wikipedia.org.6a.nl").
administrator instructs the web filter to ban Suffix proxy servers are easier to use than
broad classes of content (such as sports, por- regular proxy servers. The concept appeared
nography, online shopping, gambling, or so- in 2003 in form of the IPv6Gate and in 2004
cial networking). Requests that match a in form of the Coral Content Distribution Net-
banned URL pattern are rejected work, but the term suffix proxy was only
immediately. coined in October 2008 by "6a.nl".
Assuming the requested URL is accept-
able, the content is then fetched by the
proxy. At this point a dynamic filter may be
Risks of using anonym-
applied on the return path. For example, ous proxy servers
JPEG files could be blocked based on
In using a proxy server (for example, an-
fleshtone matches, or language filters could
onymizing HTTP proxy), all data sent to the
dynamically detect unwanted language. If the
service being used (for example, HTTP server
content is rejected then an HTTP fetch error
in a website) must pass through the proxy
is returned and nothing is cached.
server before being sent to the service,
Most web filtering companies use an
mostly in unencrypted form. It is therefore a
internet-wide crawling robot that assesses
feasible risk that a malicious proxy server
the likelihood that a content is a certain type
may record everything sent: including unen-
(i.e. "This content is 70% chance of porn,
crypted logins and passwords.
40% chance of sports, and 30% chance of
By chaining proxies which do not reveal
news" could be the outcome for one web
data about the original requester, it is pos-
page). The resultant database is then correc-
sible to obfuscate activities from the eyes of
ted by manual labor based on complaints or
the user’s destination. However, more traces
known flaws in the content-matching
will be left on the intermediate hops, which
algorithms.
could be used or offered up to trace the
Web filtering proxies are not able to peer
user’s activities. If the policies and adminis-
inside secure sockets HTTP transactions. As
trators of these other proxies are unknown,
a result, users wanting to bypass web filter-
the user may fall victim to a false sense of se-
ing will typically search the internet for an
curity just because those details are out of
open and anonymous HTTPS transparent
sight and mind.
proxy. They will then program their browser
The bottom line of this is to be wary when
to proxy all requests through the web filter to
using anonymising proxy servers, and only
this anonymous proxy. Those requests will be
use proxy servers of known integrity (e.g.,
5
From Wikipedia, the free encyclopedia Proxy server
6
From Wikipedia, the free encyclopedia Proxy server
• SSH Secure Shell can be configured to [2] Thomas, Keir (2006). Beginning Ubuntu
proxify a connection, by setting up a Linux: From Novice to Professional.
SOCKS proxy on the client, and tunneling Apress. "A proxy server helps speed up
the traffic through the SSH connection. Internet access by storing frequently
• Sun Java System Web Proxy Server is a accessed pages"
caching proxy server running on Solaris, [3] Site at www.guardster.com
Linux and Windows servers that supports [4] "Everyone’s Guide to By-Passing Internet
http://https, NSAPI I/O filters, dynamic Censorship". http://www.civisec.org/
reconfiguration, SOCKSv5 and reverse guides/everyones-guides.
proxy. [5] "Proxies". Tech-FAQ. http://www.tech-
• TcpCatcher is a free TCP and HTTP(S) faq.com/phproxy-proxies.shtml.
proxy server for educational and
development purposes. It allows you to
modify packets on the fly.
See also
• WinGate is a multi-protocol proxy server • Captive portal
and NAT solution that can be used to • Internet privacy
redirect any kind of traffic on a Microsoft • Proxy list
Windows host. • SOCKS
• yProxy is an NNTP proxy server that • Transparent SMTP proxy
converts yEnc encoded message • Web cache
attachments to UUEncoding, complete • HTTP
with SSL client support. • ICAP
• Zeus functions as both a forward and
reverse proxy server. It operates on
Solaris, FreeBSD and Linux.
External links
• Proxy software and scripts at the Open
Directory Project
References • Free web-based proxy services at the
[1] "How-to". Linux.org. Open Directory Project
http://www.linux.org/docs/ldp/howto/ • Free http proxy servers at the Open
Firewall-HOWTO-11.html#ss11.4. "The Directory Project
proxy server is, above all, a security
device."
This page was last modified on 21 May 2009, at 12:31 (UTC). All text is available under the
terms of the GNU Free Documentation License. (See Copyrights for details.) Wikipedia® is a
registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-
deductible nonprofit charity. Privacy policy About Wikipedia Disclaimers