Providing services on the Internet is part and parcel of day-to-day work in a company nowadays, but you don’t always want the server to be directly accessible from the Internet when doing so. A reverse proxy can control access in such cases using ACLs (access control lists). The reverse proxy can also reduce the number of IP addresses required, as it can provide access to multiple systems behind one IP.
Web Proxy and Reverse Proxy
There are two different types of proxy servers. They differ in the direction from which access occurs.
A typical web proxy, like Squid, for example, calls up web content requested by clients, caches it, and supplies the cached version to all subsequent clients. Websites can send an expiry date for the cached contents via their header. If they do not do so, Squid can be equipped with an overall refresh pattern to update the cached content accordingly.
The second type of proxy functions in precisely the opposite way. The proxy provides content from one or multiple internal web servers to external clients. The number of clients and services is of no importance.
What are the Advantages Offered by a Reverse Proxy?
Reverse proxies can increase network security: they make it possible to configure access to web content, and the web server is reachable only via a defined and controlled intermediate step instead of being placed directly on the Internet. In addition, caching can relieve the strain on the web servers, and the reverse proxy can distribute accesses to the websites across multiple web servers in a classic load-balancing scenario. A reverse proxy also works as an SSL endpoint. All SSL-encrypted connections terminate at the proxy system, which can also relieve the strain on the web servers and, under certain circumstances, allows other options such as effective caching, which might not be possible with encrypted connections. Last, but not least, a reverse proxy can also reduce the number of external IP addresses. In this case, one proxy provides multiple services under different DNS names. These can also be made available in an encrypted form again.
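The access control and name-based routing described above, as an added example (not code from the original article): the routing decision a reverse proxy makes when several DNS names share one external IP, each with its own ACL. The host names, backend addresses and networks are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configuration (assumption, not from the article):
# two DNS names served from one external IP, each with its own ACL.
ROUTES = {
    "intranet.example.com": {
        "backend": "http://10.0.0.10:8080",
        "allow": ["192.0.2.0/24"],   # only this partner network
    },
    "www.example.com": {
        "backend": "http://10.0.0.20:8080",
        "allow": ["0.0.0.0/0"],      # public site
    },
}


def normalize_host(host_header):
    """Lower-case the Host header, strip an optional port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):         # IPv6 literal, never a configured name
        return host
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def route(host_header, client_ip, routes=ROUTES):
    """Return (status, backend): 200 forward, 403 ACL deny, 404 unknown name."""
    entry = routes.get(normalize_host(host_header))
    if entry is None:
        return 404, None             # default deny: name is not published
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return 403, None             # unparsable client address is refused
    for net in entry["allow"]:
        network = ipaddress.ip_network(net)
        if addr.version == network.version and addr in network:
            return 200, entry["backend"]
    return 403, None                 # name is known, client is not permitted


if __name__ == "__main__":
    for host, ip in [("www.example.com", "203.0.113.7"),
                     ("intranet.example.com", "203.0.113.7"),
                     ("Intranet.Example.com:443", "192.0.2.15")]:
        print(host, ip, route(host, ip))
```

Normalizing the Host header before the lookup matters: without it, a request for `Intranet.Example.com:443` would miss the configured name and fall through to the default.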
Where do we Use Web Proxies?
As a standard web proxy, Squid is one of the features of UCS@school. In this setting, Squid caches frequently visited websites to be able to provide clients at the school with a high-performance version. Caching is a considerable advantage, particularly at sites with poorer Internet connections. Additionally, Squid performs the user authentication – in other words, only users who have an account in UCS and can log in are permitted access to the Internet. In the case of Squid, the authentication is performed automatically in the background via Kerberos or NTLM – no user interaction is required. SquidGuard works together with Squid in UCS@school to block and approve Internet sites.