So I've just been learning about proxy and I had a bit of confusion about both forward proxy and reverse proxy. So I'm gonna go through my assumption and please correct me if I'm wrong
Forward Proxy
forward proxy is a proxy that runs in a private network it's internal meaning that it runs in your computer offline it stands in between you and the internet
the process goes like computer ==> forward proxy ==> internet ==> web application
Reverse Proxy
reverse proxy is a proxy that runs entirely online. If forward proxy was provided by your computer
Reverse proxy is usually provided by your ISP.
and the process goes like computer ==> internet ==> reverse proxy ==> web application
NOTE that every thing that I've typed regarding proxy is an assumption
Related
I stumbled upon a stupid question that does however give me some trouble:
If I set up a proxy server in my windows proxy server, does every request that will be made by that machine go through that proxy?
I've set up a proxy server using squid proxy.
Then enter the proxy server's details on my laptop and tested it. Everything is correct, I can see the public IP address that my proxy server is having and my usual addresses are reachable.
But one URL cannot open with error: ERR_TUNNEL_CONNECTION_FAILED
I've tested this specific URL on the server where the proxy is set up and it is reachable.
So, any ideas why it cannot be reached from my laptop - through the proxy?
Thank you
I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
I have a corporate proxy using Squid and kerberos for authentication, the proxy is configured for standard use, I.E allow http, https, a few others and block everything else. Now, there are many applications that support basic proxy authentication, but do not support Kerberos based authentication and many others that connect directly to the internet. I used Proxifier before the upgrade to kerberos to make my applications use the proxy, but I cannot do so now. I then installed an application called PX to create a proxy that connects to kerberos, but the proxy it creates is a simple HTTP Proxy and proxifier doesn't work correctly with it. Anyone has a setup for a situation like this?. I use Windows 10 and I obviously don't have access to the server where squid is configured. The application I need to connect to the internet uses standard https ports, it's not a torrent application nor anything that uses the ports blocked by squid. Thanks in advance.
Ok, for this particular case I've found the following setup to solve 99% of my problems.
First get Px here https://github.com/genotrance/px
Next get Fiddler: http://www.getfiddler.com/dl/Fiddler4BetaSetup.exe
Configure PX with your user and your domain and run it. By default it creates a running proxy on 127.0.0.1:3128
Configure your sistem proxy to use the proxy supplied by PX.
Execute fiddler, it should create ANOTHER proxy at 127.0.0.1:8888
Use this proxy in your apps. Proxifier should work as well.
Why use fiddler and not the direct 127.0.0.1:3128?, PX creates a pure http proxy and fiddler allows to tunnel https and connect request through it.
Any requests will pass through fiddler which will redirect them to the PX proxy which will redirect them to the squid proxy (So expect very slow speeds).
In the end since you're just redirecting your apps towards your proxy, if your proxy bans using regex expressions or direct IP connections some apps will NOT work, and in these cases using TOR or a VPN is the only real solution. Hope it helps someone avoid all the headaches I went through.
In my company there is a proxy that requires credentials.
I use Windows XP and I want to apply an indirection layer in my tcp/ip stack that makes this completely transparent.
For example it would be nice a software that I can configure with my company proxy and act as I don't have any proxy in my network.
With this software I don't have to configure software that don't consider my default proxy settings done with Internet Explorer.
This question is probably over, but in case the subject is still of interest, there are some possiblities with Fiddler, which are outline in the answers to this :
Configuring Fiddler to use company network's proxy? : essentially fiddler is configured to cache the credentials needed to access the internet, and your access from local box goes via fiddler proxy first.