쥐스킨트의 작은 서재

Proxy server

In computer networks, a proxy server is aserver (a computer system or an application) that acts as an intermediary forrequests from clients seeking resources from other servers. A client connectsto the proxy server, requesting some service, such as a file, connection, webpage, or other resource available from a different server and the proxy serverevaluates the request as a way to simplify and control its complexity. Proxieswere invented to add structure and encapsulation to distributed systems. Today,mots proxies are web proxies, facilitating access to content on the World WideWeb and providing anonymity.

Uses

Monitoringand filtering

-      Content-control software

A content-filtering web proxy server provides administrative controlover the content that may be relayed in one or both directions through theproxy. It is commonly used in both commercial and non-commercial organizations(especially schools) to ensure that Internet usage conforms to acceptable usepolicy.

A content filtering proxy will often support user authentication, tocontrol web access. It also usually produces logs, either to give detailed information about the URLs accessedby specific users, or to monitor bandwidth usage statistics. It may alsocommunicate to daemon-based and/or ICAP-based antivirus software to providesecurity against virus and other malware by scanning incoming content in realtime before it enters the network. 

-      Filtering of encrypted data

Web filtering proxies are not able to peer inside secure socketsHTTP transactions, assuming the chain-of-trust of SSL/TLS has not beentampered with.

The SSL/TLS chain-of-trust relies on trusted root certificateauthorities. In a workplace setting where the client is managed by theorganization, trust might be granted to a root certificate whose private key isknown to the proxy. Consequently, a root certificate generated by the proxy isinstalled into the browser CA list by IT staff.

In such situations, proxy analysis of the contents of a SSL/TLStransaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client’s trust of a root certificate theproxy owns.

-      Bypassing filters and censorship

If the destination server filters content based on the origin of therequest, the use of a proxy can circumvent this filter. For example, a serverusing IP-based geolocation to restrict its service to a certain country can beaccessed using a proxy located in that country to access the service.