What is Proxy Server?
To know this first we need to know what is meant by Proxy ?
It means — To represent someone. or to be authorised to act on behalf of someone.
Consider the case of a client accessing any website. What’s happening? The client sends a http request to server which is listening on the port 80( default port of http). Now the server processes the request and sends the response and client gets the response. The browser parses the response and the rendering engine paints the webpage. In simple terms, the client accesses the website (let www.example.com ).
Proxy Server — A Proxy server is computer/program which acts as intermediary between the client and the server. That means, now, the request is not directly sent by the client but by the proxy server on behalf of client and the response is also served to proxy-server (which then sends back to client).
Client →proxy-server → HTTP Server (Request)
And also the response is served from the server to proxy server which in turn sends the response to actual client.
Client ← Proxy-server ← HTTP Server (Response)
Now as this client sends the request directly to server there are many things happening that leads to thought of having a proxy server.
Proxy Server Pros:
- Security — the server never knows the clients address
- Caching — the server caches most visited pages.
- Auditing — Companies uses proxy server to keep track of all the site employees visit.
- Access Control — Proxy server can block some of site.(as done in schools, colleges and institutes)
Access Enhancement — Proxy server can be used to get access to limited sites. (Interesting Contrast!)
How this happens? Actually our institute’s proxy setting prevents us from using some sites say facebook.com. But we add additional proxy server by using VPNs and we are no more we . So our request address changes and hence enable us to access facebook.com
Now the main part.
Most people know or think about only client side proxy sever. That, A client accesses a website( a URL) via a mediator i.e., proxy server and not by sending the request directly. So, the Server gets the request from proxy -server (and sends back to proxy-server) and never knows that who is real client.
But, Can the severs also do the same to hide their actually identity.(or say actual IP address?) It feels like a need.Isn’t it? If server’s address is visible, it can be easily used by attacked/hacker to attack on.
Can Servers Also use Proxy server? Why? How?
The answer is YES. And which is the case in most of the real scenario. If you have used the services (or server setting using digital ocean like platforms, you might know it).[don’t worry, I’ll tell]
There’s a term for it, reverse-proxy.
Let understand with an example.
Let you create a node app in your local machine which runs on port say 5000. Suppose you host the same project on a real server which (usually called app-sever) you have to access using localhost:5000 from within the server and using 22.214.171.124:5000 (suppose it’s server’s public IP) from any other computer connected to internet.
If that is the case, this means that the server is serving directly without using any proxy server. When the actual IP Address of server is visible on internet, It is more prone to attack ( and usually the first requirement if you have used tools like wireshark). So it should be ensured that the IP address of APP-server should not be visible to public. So how to sever the webpage then?
The answer is proxy-server. In this scenario, all requests from clients will be served through proxy-server ( which will internally talk to app-server) without client being able to notice a difference.(WHY? Because client usually uses/enters a website/domain name [which is resolved to an address of the server to make actual request using DNS Name resolution technique] and client doesn't care to remember IP addresses and all.
Here’s how it goes.
Normal Scenario —
Client → (Request) →App-Server(IP address visible publicly)
Client ← (Response) ← App-Server
In normal scenario, App-server is actual server client wants to talk/connect. But using proxy, Scenario is something like this —
Client → (Request) →Proxy-Server (IP address visible publicly) →(private connection) → App-server
Client ← (Response) ← Proxy-Server ← App-server (response)
Also, there is a mapping between addresses — Address of app-server with port 5000 is mapped to public IP of proxy server at port 80, so that client need not add the port address each time they visit the site.
In last very short, optional video if you want to watch —
Thanks for reading. Suggestions are welcome, if any.