In computer networks
, a proxy server
is a server
(a computer system or an application program) that acts as an intermediary for requests from clients
seeking resources from other servers. A client connects to the proxy
server, requesting some service, such as a file, connection, web page,
or other resource, available from a different server. The proxy server
evaluates the request according to its filtering rules. For example, it
may filter traffic by IP address
If the request is validated by the filter, the proxy provides the
resource by connecting to the relevant server and requesting the
service on behalf of the client. A proxy server may optionally alter
the client's request or the server's response, and sometimes it may
serve the request without contacting the specified server. In this
case, it 'caches
' responses from the remote server, and returns subsequent requests for the same content directly.
A proxy server has many potential purposes, including:
- To keep machines behind it anonymous (mainly for security).
- To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
- To apply access policy to network services or content, e.g. to block undesired sites.
- To log / audit usage, i.e. to provide company employee Internet usage reporting.
- To bypass security/ parental controls.
- To scan transmitted content before delivery for malware.
- To scan outbound content, e.g. for data leak protection.
- To circumvent regional restrictions.
A proxy server that passes requests and replies unmodified is usually called a gateway
or sometimes tunneling proxy
A proxy server can be placed in the user's local computer or at
various points between the user and the destination servers on the
A reverse proxy
is a (usually) Internet-facing proxy used as a front-end to control and
protect access to a server on a private network, commonly also
performing tasks such as load-balancing, authentication, decryption or
is a dedicated appliance, or software
running on a computer, which inspects network traffic passing through
it, and denies or permits passage based on a set of rules.
It is a software or hardware that is normally placed between a
protected network and an unprotected network and acts like a gate to
protect assets to ensure that nothing private goes out and nothing
malicious comes in.
A firewall's basic task is to regulate some of the flow of traffic between computer networks
of different trust levels. Typical examples are the Internet
which is a zone with no trust and an internal network
which is a zone of higher trust. A zone with an intermediate trust
level, situated between the Internet and a trusted internal network, is
often referred to as a "perimeter network" or Demilitarized zone
A firewall's function within a network is similar to physical firewalls
with fire doors in building construction. In the former case, it is
used to prevent network intrusion to the private network. In the latter
case, it is intended to contain and delay structural fire from
spreading to adjacent structures.
Without proper configuration, a firewall can often become worthless.
Standard security practices dictate a "default-deny" firewall ruleset,
in which the only network connections which are allowed are the ones
that have been explicitly allowed. Unfortunately, such a configuration
requires detailed understanding of the network applications and
endpoints required for the organization's day-to-day operation. Many
businesses lack such understanding, and therefore implement a
"default-allow" ruleset, in which all traffic is allowed unless it has
been specifically blocked. This configuration makes inadvertent network
connections and system compromise much more likely.