Editing Proxy server (section)

==Uses==
===Monitoring and filtering===
====Content-control software====
{{Further|Content-control software}}
A [[content filtering|content-filtering]] web proxy server provides administrative control over the content that may be relayed in one or both directions through the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to [[acceptable use policy]].

Content filtering proxy servers will often support [[Authentication|user authentication]] to control web access. It also usually produces [[server log|logs]], either to give detailed information about the URLs accessed by specific users or to monitor [[Bandwidth (computing)|bandwidth]] usage statistics. It may also communicate to [[daemon (computing)|daemon]]-based or [[Internet Content Adaptation Protocol|ICAP]]-based antivirus software to provide security against viruses and other [[malware]] by scanning incoming content in real-time before it enters the network.

Many workplaces, schools, and colleges restrict web sites and online services that are accessible and available in their buildings. Governments also censor undesirable content. This is done either with a specialized proxy, called a content filter (both commercial and free products are available), or by using a cache-extension protocol such as ICAP, that allows plug-in extensions to an open caching architecture.

Websites commonly used by students to circumvent filters and access blocked content often include a proxy, from which the user can then access the websites that the filter is trying to block.

Requests may be filtered by several methods, such as a [[Blacklist (Computing)|URL]] or [[DNSBL|DNS blacklists]], URL regex filtering, [[MIME]] filtering, or content keyword filtering. Blacklists are often provided and maintained by web-filtering companies, often grouped into categories (pornography, gambling, shopping, social networks, etc.).

The proxy then fetches the content, assuming the requested URL is acceptable. At this point, a dynamic filter may be applied on the return path. For example, [[JPEG]] files could be blocked based on fleshtone matches, or language filters could dynamically detect unwanted language. If the content is rejected then an HTTP fetch error may be returned to the requester.

Most web filtering companies use an internet-wide crawling robot that assesses the likelihood that content is a certain type. Manual labor is used to correct the resultant database based on complaints or known flaws in the content-matching algorithms.<ref>{{Cite journal |last1=Suchacka |first1=Grażyna |last2=Iwański |first2=Jacek |date=2020-06-07 |title=Identifying legitimate Web users and bots with different traffic profiles — an Information Bottleneck approach |journal=Knowledge-Based Systems |language=en |volume=197 |pages=105875 |doi=10.1016/j.knosys.2020.105875 |s2cid=216514793 |issn=0950-7051|doi-access=free }}</ref>

Some proxies scan outbound content, e.g., for data loss prevention; or scan content for malicious software.

====Filtering of encrypted data====
Web filtering proxies are not able to peer inside secure sockets HTTP transactions, assuming the chain-of-trust of SSL/TLS ([[Transport Layer Security]]) has not been tampered with. The SSL/TLS chain-of-trust relies on trusted root [[Certificate authority|certificate authorities]].

In a workplace setting where the client is managed by the organization, devices may be configured to trust a root certificate whose private key is known to the proxy. In such situations, proxy analysis of the contents of an SSL/TLS transaction becomes possible. The proxy is effectively operating a [[man-in-the-middle attack]], allowed by the client's trust of a root certificate the proxy owns.

====Bypassing filters and censorship====
If the destination server filters content based on the origin of the request, the use of a proxy can circumvent this filter. For example, a server using [[Internet Protocol|IP]]-based [[geolocation]] to restrict its service to a certain country can be accessed using a proxy located in that country to access the service.<ref name="harvard">{{cite web |title=2010 Circumvention Tool Usage Report |url=http://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/2010_Circumvention_Tool_Usage_Report.pdf |publisher=The Berkman Center for Internet & Society at Harvard University |date=October 2010 |access-date=15 September 2011 |archive-date=18 January 2012 |archive-url=https://web.archive.org/web/20120118170534/http://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/2010_Circumvention_Tool_Usage_Report.pdf |url-status=live }}</ref>{{rp|3}}

Web proxies are the most common means of bypassing government censorship, although no more than 3% of Internet users use any circumvention tools.<ref name="harvard" />{{rp|7}}

Some proxy service providers allow businesses access to their proxy network for rerouting traffic for business intelligence purposes.<ref>{{cite web |title=How to Check if Website is Down or Working Worldwide |url=https://www.hostinger.co.uk/tutorials/website/how-to-check-if-website-is-working-worldwide/ |website=Hostinger |access-date=14 December 2019 |date=19 November 2019 |archive-date=14 December 2019 |archive-url=https://web.archive.org/web/20191214110525/https://www.hostinger.co.uk/tutorials/website/how-to-check-if-website-is-working-worldwide/ |url-status=live }}</ref><!-- google "test your website with a proxy server" to find multiple companies offering this service-->

In some cases, users can circumvent proxies that filter using blacklists by using services designed to proxy information from a non-blacklisted location.<ref name="Bypassing a Filtering Proxy">{{cite web |url=http://sitevana.com/webtech/ |title=Using a Ninjaproxy to get through a filtered proxy. |work=advanced filtering mechanics |publisher=TSNP |access-date=17 September 2011 |archive-url=https://web.archive.org/web/20160309075844/http://sitevana.com/webtech |archive-date=9 March 2016 |url-status=dead }}</ref><!-- Eg. anonymous.org -->

[[File:CPT-Proxy.svg|thumb|upright=1.7|Many organizations block access to popular websites such as Facebook. Users can use proxy servers to circumvent this security. However, by connecting to proxy servers, they might be opening themselves up to danger by passing sensitive information such as personal photos and passwords through the proxy server. This image illustrates a common example: schools blocking websites to students.]]

====Logging and eavesdropping====
Proxies can be installed in order to [[Eavesdropping|eavesdrop]] upon the data-flow between client machines and the web. All content sent or accessed&nbsp;– including passwords submitted and [[HTTP cookie|cookies]] used&nbsp;– can be captured and analyzed by the proxy operator. For this reason, passwords to online services (such as webmail and banking) should always be exchanged over a cryptographically secured connection, such as SSL.

By chaining the proxies which do not reveal data about the original requester, it is possible to obfuscate activities from the eyes of the user's destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user's activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind.
In what is more of an inconvenience than a risk, proxy users may find themselves being blocked from certain Web sites, as numerous forums and Web sites [[IP address blocking|block IP addresses]] from proxies known to have [[Spam (electronic)|spammed]] or [[Troll (Internet)|trolled]] the site. Proxy bouncing can be used to maintain privacy.

===Improving performance===
A '''caching proxy''' server accelerates service requests by retrieving the content saved from a previous request made by the same client or even other clients.<ref>{{Cite web |title=Caching Proxy |url=https://www.ibm.com/docs/en/was-nd/9.0.5?topic=overview-caching-proxy |access-date=2023-07-02 |website=www.ibm.com |language=en-us}}</ref> Caching proxies keep local copies of frequently requested resources, allowing large organizations to significantly reduce their upstream bandwidth usage and costs, while significantly increasing performance. Most ISPs and large businesses have a caching proxy. Caching proxies were the first kind of proxy server. Web proxies are commonly used to [[web cache|cache]] web pages from a web server.<ref>{{cite book |quote=A proxy server helps speed up Internet access by storing frequently accessed pages |first=Keir |last=Thomas |title=Beginning Ubuntu Linux: From Novice to Professional |publisher=Apress |year=2006 |isbn=978-1-59059-627-2 |url-access=registration |url=https://archive.org/details/beginningubuntul00keir }}</ref> Poorly implemented caching proxies can cause problems, such as an inability to use user authentication.<ref name="rfc3143">{{cite IETF |title=Known HTTP Proxy/Caching Problems |rfc=3143 |author=I. Cooper |author2=J. Dilley |date=June 2001 |publisher=[[Internet Engineering Task Force|IETF]] |access-date=2019-05-17 }}</ref>

A proxy that is designed to mitigate specific link related issues or degradation is a [[Performance Enhancing Proxy]] (PEPs). These are typically used to improve [[Transmission Control Protocol|TCP]] performance in the presence of high round-trip times or high packet loss (such as wireless or mobile phone networks); or highly asymmetric links featuring very different upload and download rates. PEPs can make more efficient use of the network, for example, by merging TCP [[Acknowledgement (data networks)|ACKs]] (acknowledgements) or compressing data sent at the [[application layer]].<ref name="rfc3135.2.1">{{cite IETF |title=Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations |rfc=3135 |sectionname=Layering |section=2.1 |page=4 |date=June 2001 |publisher=[[Internet Engineering Task Force|IETF]] |access-date=21 February 2014 }}</ref>

===Translation===
A translation proxy is a proxy server that is used to localize a website experience for different markets. Traffic from the global audience is routed through the translation proxy to the source website. As visitors browse the proxied site, requests go back to the source site where pages are rendered. The original language content in the response is replaced by the translated content as it passes back through the proxy. The translations used in a translation proxy can be either machine translation, human translation, or a combination of machine and human translation. Different translation proxy implementations have different capabilities. Some allow further customization of the source site for the local audiences such as excluding the source content or substituting the source content with the original local content.

===Accessing services anonymously===
{{Main|Anonymizer}}
An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. [[Anonymizer]]s may be differentiated into several varieties. The destination server (the server that ultimately satisfies the web request) receives requests from the anonymizing proxy server and thus does not receive information about the end user's address. The requests are not anonymous to the anonymizing proxy server, however, and so a degree of trust is present between the proxy server and the user. Many proxy servers are funded through a continued advertising link to the user.

'''Access control''': Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the [[World Wide Web|web]]. The organization can thereby track usage to individuals. Some anonymizing proxy servers may forward [[Network packet|data packets]] with header lines such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED, which may reveal the IP address of the client. Other anonymizing proxy servers, known as elite or high-anonymity proxies, make it appear that the proxy server is the client. A website could still suspect a proxy is being used if the client sends packets that include a cookie from a previous visit that did not use the high-anonymity proxy server. Clearing cookies, and possibly the cache, would solve this problem.

====QA geotargeted advertising====
Advertisers use proxy servers for validating, checking and quality assurance of [[geotargeting|geotargeted ads]]. A geotargeting ad server checks the request source IP address and uses a [[Internet geolocation|geo-IP database]] to determine the geographic source of requests.<ref>{{cite web|title=Hot Tactics For Geo-Targeted Ads on Google & Bing|date=October 2013|url=http://searchengineland.com/hot-tactics-for-geo-targeted-ads-on-google-bing-smx-east-173213|access-date=7 February 2014|archive-date=14 February 2014|archive-url=https://web.archive.org/web/20140214092544/http://searchengineland.com/hot-tactics-for-geo-targeted-ads-on-google-bing-smx-east-173213|url-status=live}}</ref> Using a proxy server that is physically located inside a specific country or a city gives advertisers the ability to test geotargeted ads.

===Security===
A proxy can keep the internal network structure of a company secret by using [[network address translation]], which can help the [[computer security|security]] of the internal network.<ref>{{cite web |quote=The proxy server is, above all, a security device. |url=http://tldp.org/HOWTO/Firewall-HOWTO-11.html |publisher=tldp.org |title=Firewall and Proxy Server HOWTO |access-date=4 September 2011 |archive-date=23 August 2011 |archive-url=https://web.archive.org/web/20110823224815/http://tldp.org/HOWTO/Firewall-HOWTO-11.html |url-status=live }}</ref> This makes requests from machines and users on the local network anonymous. Proxies can also be combined with [[firewall (computing)|firewall]]s.

An incorrectly configured proxy can provide access to a network otherwise isolated from the Internet.<ref name="nmap">{{cite book |title=Nmap network scanning |last=Lyon |first=Gordon |author-link=Gordon Lyon |year=2008 |publisher=Insecure |location=US |isbn=978-0-9799587-1-7 |page=270 }}</ref>

====Cross-domain resources====
Proxies allow web sites to make web requests to externally hosted resources (e.g. images, music files, etc.) when [[Same-origin policy|cross-domain restrictions]] prohibit the web site from linking directly to the outside domains. Proxies also allow the browser to make web requests to externally hosted content on behalf of a website when cross-domain restrictions (in place to protect websites from the likes of data theft) prohibit the browser from directly accessing the outside domains.

===Malicious usages===
====Secondary market brokers====
Secondary market brokers use web proxy servers to circumvent restrictions on online purchases of limited products such as limited sneakers<ref>{{cite web|title=Sneaker Bot Supreme Proxy|url=https://www.geosurf.com/sneaker-residential-ips-proxy/|publisher=GeoSurf|access-date=24 September 2017|archive-date=24 September 2017|archive-url=https://web.archive.org/web/20170924182153/https://www.geosurf.com/sneaker-residential-ips-proxy/|url-status=dead}}</ref> or tickets.