526互联

dns and forward proxy

发布时间 2023-11-29 22:33:22作者: lightsong

forward proxy & reverse proxy

https://zhuanlan.zhihu.com/p/163948996

 

https://netnut.io/forward-proxy-server/

Definition of a Forward Proxy Server

Forward Proxy Server

One of the most common uses of a proxy server is to help you hide your IP address in the simplest way possible. That is what a forward proxy server is all about. It sits between your device network and the internet, dictating which information can pass through from the user to the internet. If any sensitive data is detected, the forward proxy server can either prevent access, or apply acceptable use and corporate security policies.

If the data that is being sent from the user is approved by the forward proxy server, it is sent through to its destination. The same protocols will be applied to the responses from the external websites.

 

 

 

Forward Proxy Vs. Reverse Proxy

 

Reverse Proxy

 

To fully explain what a forward proxy server is, it is also necessary to look at its polar opposite, the reverse proxy server. 

 

A reverse proxy provides services on behalf of the servers, rather than the client. In many cases, reverse proxies act as load balancers when accepting requests from external clients. Normally, you will find a reverse proxy configured alongside a firewall.

 

A good way to visualize the difference between a forward proxy and a reverse proxy is to imagine their placement in relation to the internal network and the internet. While a forward proxy will sit in front of client endpoints to inspect incoming requests, a reverse proxy server sits in front of a web server, ensuring that no clients interact directly with the server.

 

 

dns query by forward proxy

https://milestone-of-se.nesuke.com/en/nw-basic/grasp-nw/proxy/

 

https://serverfault.com/questions/169816/how-dns-lookups-work-when-using-an-http-proxy-or-not-in-ie

Not exactly: it depends on how the client is configured. Let's use IE as the basic example.

If you configure IE with an explicit proxy: e.g. no other options ticked, proxy set to something:8080.

    1. User types an address

    2. IE checks the address for a string match against the IE proxy exceptions list (i.e. "Bypass proxy for these addresses:")

      a. If it matches an entry in the Bypass list, the client uses its own DNS to resolve the name, and then the client connects directly to the target IP address on port 80 (assumed), then sends a request like:

      GET /something.htm HTTP/1.1
      Host: fulldomainame.example.com

      b. If no bypass list entries match, continue:

    3. IE connects to its configured proxy, and sends a request of the form:

      GET http://fulldomainname.example.com/something.htm HTTP/1.1

      Bonus factoid: this use of the FQDN in the URL is one way you can tell that a client thinks it's talking to a proxy instead of a real web server

    4. The proxy resolves that host name using its own DNS, and then connects to the target site (acts like the client in step 2 above), etc, etc.

 

ccproxy supports

https://5socks.net/Manual/ccproxy_en.html