Editing Proxy server (section)

==Types==
A proxy server may reside on the user's '''local computer''', or at any point between the user's computer and destination servers on the [[Internet]]. A proxy server that passes unmodified requests and responses is usually called a [[gateway (computer networking)|gateway]] or sometimes a ''tunneling proxy''. A forward proxy is an Internet-facing proxy used to retrieve data from a wide range of sources (in most cases, anywhere on the Internet). A [[reverse proxy]] is usually an internal-facing proxy used as a front-end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as [[Load balancing (computing)|load-balancing]], [[Authentication protocol|authentication]], [[Encryption|decryption]], and [[Cache (computing)|caching]].<ref>{{Cite web|title=Proxy servers and tunneling|url=https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling|access-date=2020-12-06|website=MDN Web Docs|language=en|archive-date=26 November 2020|archive-url=https://web.archive.org/web/20201126050800/https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling|url-status=live}}</ref>

===Open proxies===
[[File:Open proxy h2g2bob.svg|thumb|upright=1.3|alt=Diagram of proxy server connected to the Internet.|An open proxy forwarding requests from and to anywhere on the Internet]]
An [[open proxy]] is a [[Store and forward|forwarding]] proxy server that is accessible by any Internet user. In 2008, network security expert [[Gordon Lyon]] estimated that "hundreds of thousands" of open proxies are operated on the Internet.<ref name="nmap" />

* [[Anonymous proxy]]: This server reveals its identity as a proxy server but does not disclose the originating [[IP address]] of the client. Although this type of server can be discovered easily, it can be beneficial for some users as it hides the originating IP address.
* ''Transparent proxy:'' This server not only identifies itself as a proxy server, but with the support of [[List of HTTP header fields|HTTP header fields]] such as <code>X-Forwarded-For</code>, the originating IP address can be retrieved as well. The main benefit of using this type of server is its ability to cache a website for faster retrieval.

===Reverse proxies===
{{main|Reverse proxy}}
[[File:Reverse proxy h2g2bob.svg|thumb|upright=1.3|alt=A proxy server connecting the Internet to an internal network.|A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests connect to the proxy and may not be aware of the internal network.]]
A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies send requests to one or more ordinary servers that handle the request. The response from the original server is returned as if it came directly from the proxy server, leaving the client with no knowledge of the original server.<ref name="apache-forward-reverse">{{cite web |url=http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#forwardreverse |title=Forward and Reverse Proxies |work=httpd mod_proxy |publisher=Apache |access-date=20 December 2010 |archive-date=10 February 2011 |archive-url=https://web.archive.org/web/20110210153228/http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#forwardreverse |url-status=live }}</ref> Reverse proxies are installed in the vicinity of one or more web servers. All [[Internet traffic|traffic coming from the Internet]] and with a destination of one of the neighborhood's web servers goes through the proxy server. The use of "reverse" originates in its counterpart "forward proxy" since the reverse proxy sits closer to the web server and serves only a restricted set of websites. There are several reasons for installing reverse proxy servers:
* Encryption/SSL acceleration: when secure websites are created, the [[Secure Sockets Layer]] (SSL) encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts, removing the need for a separate SSL server certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections. This problem can partly be overcome by using the ''SubjectAltName'' feature of [[X.509]] certificates or the [[Server Name Indication|SNI extension]] of [[Transport Layer Security|TLS]].
* [[Load balancing (computing)|Load balancing]]: the reverse proxy can distribute the load to several web servers, each serving its own application area. In such a case, the reverse proxy may need to rewrite the [[URL]]s in each web page (translation from externally known URLs to the internal locations).
* Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
* [[data compression|Compression]]: the proxy server can optimize and compress the content to speed up the load time.
* Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages.
* Security: the proxy server is an additional layer of defense and can protect against some OS and web-server-specific attacks. However, it does not provide any protection from attacks against the web application or service itself, which is generally considered the larger threat.
* Extranet publishing: a reverse proxy server facing the Internet can be used to communicate to a firewall server internal to an organization, providing [[extranet]] access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

===={{anchor|Forward proxy}}Forward proxy vs. reverse proxy ====
A forward proxy is a server that routes traffic between clients and another system, which is in most occasions external to the network. This means it can regulate traffic according to preset policies, convert and mask client IP addresses, enforce security protocols and block unknown traffic. A forward proxy enhances security and policy enforcement within an internal network.<ref>{{Cite web |date=2023-04-19 |title=Difference between Forward Proxy and Reverse Proxy |url=https://www.geeksforgeeks.org/difference-between-forward-proxy-and-reverse-proxy/ |access-date=2024-10-24 |website=GeeksforGeeks |language=en-US}}</ref> A reverse proxy, instead of protecting the client, is used to protect the servers. A reverse proxy accepts a request from a client, forwards that request to another one of many other servers, and then returns the results from the server that specifically processed the request to the client. Effectively a reverse proxy acts as a gateway between clients, users and application servers and handles all the traffic routing whilst also protecting the identity of the server that physically processes the request.<ref>{{Cite web |last=Peers |first=Nick |date=2020 |title=Build Your First Reverse Proxy |url=https://wikipedialibrary.wmflabs.org/?next_url=/ezproxy/r/ezp.2aHR0cHM6Ly9zZWFyY2guZWJzY29ob3N0LmNvbS9sb2dpbi5hc3B4P2RpcmVjdD10cnVlJmRiPWY2aCZBTj0xNDAyNjc4ODkmc2l0ZT1lZHMtbGl2ZSZzY29wZT1zaXRl |access-date=2024-10-24 |website=Maximum PC via the Wikipedia Library |language=en}}</ref>