代理服务器和反向代理服务器

1) 概念

代理服务器: 代理内部网络去访问外部Internet的连接请求

反向代理服务器: 代理外部网络上的主机访问内部网络

反向代理在外部就被当作一个web服务器,而外部却不需要配置直接当作web服务器访问,但是这个反向代理没有保存网页真实数据,所有的资源都保存在内部的web服务器上,这样即使攻击了反向代理,却不会更改资源,从而加强安全

2) Difference

First of all, the word proxy describes someone or something acting on behalf of someone else.

In the computer realm, we are talking about one server acting on the behalf of another computer.

For the purposes of accessibility, I will limit my discussion to web proxies, however, the idea of a proxy is not limited to web sites.

FORWARD proxy

Most discussion of web proxies refers to the type of proxy known as a "forward proxy."

The proxy event in this case is that the "forward proxy" retrieves data from another web site on behalf of the original requestee.

A tale of 3 computers (part I)

For an example, I will list three computers connected to the internet.

  • X = your computer, or "client" computer on the internet
  • Y = the proxy web site, proxy.example.org
  • Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.

Reasons why X would want to use a forward proxy server:

Here is a (very) partial list of uses of a forward proxy server.

  • 1) X is unable to access Z directly because

    • a) Someone with administration authority over X's internet connection has decided to block all access to site Z.

      • Examples:

        • The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.

        • Employees at a large company have been wasting too much time on myspace.com, so management wants access blocked during business hours.

        • A local elementary school disallows internet access to the playboy.com web site.

        • A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TORor FreeNet.

    • b) The administrator of Z has blocked X.

      • Examples:

        • The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's ip address (and/or netrange).

        • Z is a forum web site. X is spamming the forum. Z blocks X.

REVERSE proxy

A tale of 3 computers (part II)

For this example, I will list three computers connected to the internet.

  • X = your computer, or "client" computer on the internet
  • Y = the reverse proxy web site, proxy.example.com
  • Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for the administrator of Z to restrict or disallow direct access, and force visitors to go through Y first. So, as before, we have data being retrieved by Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.

What is different this time compared to a "forward proxy," is that this time the user X does not know he is accessing Y. A Reverse Proxy is typically less visible than a "forward proxy", and requires no configuration or special knowledge by the client, X.

The client X probably thinks he is visiting Z directly (X --> Z), but the reality is that Y is the invisible go-between (X --> Y --> Z again).

Reasons why Z would want to set up a reverse proxy server:

  • 1) Z wants to force all traffic to its web site to pass through Y first.
    • a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers, and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works.
  • b) The administrator of Z is worried about retaliation for content hosted on the server, and does not want to expose the main server directly to the public.
    • a) Owners of Spam brands such as "Canadian Pharmacy" appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server.

In the above scenarios, Z has the ability to choose Y.

Links to topics from the post:

Content Delivery Network

forward proxy software (server side)

reverse proxy software for HTTP (server side)

reverse proxy software for TCP (server side)

see also:

转载: http://stackoverflow.com/questions/224664/difference-between-proxy-server-and-reverse-proxy-server
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值