Firewall Fundamentals
In the context of firewalls, proxy servers (proxies) have a couple of primary functions:
Proxies act as an intermediary by literally intercepting and responding to requests between hosts, as shown in Figure 8-1. Figure 8-1. Communication Process Between Hosts Through a Proxy
In this case, Server1 and Server2 are attempting to communicate with each other. The proxy resides between the two hosts and responds to all communications and requests between the two hosts. This ensures that the two hosts never actually communicate directly with each other. Logically, Server1 and Server2 are communicating with each other, even though physically the communication process is occurring through a proxy. This function is completely transparent to the end user/system, which means that Server1 has no idea that it is not actually communicating directly with Server2 and vice versa. Many proxies, in particular proxies that support the HTTP protocol, can also cache data, which in turn allows the proxy to service subsequent requests for the same data from cache, instead of needing to forward the request to the external source. This allows the proxy to help reduce Internet bandwidth requirements, because the first request for the data uses Internet bandwidth whereas all subsequent requests are services from the proxy's cache. This has the additional effect of reducing the time that it takes to display the data because many proxies are connected to the clients that use them over faster connections. These two elements, application filtering and functioning as a proxy, are the two elements that really identify an application proxy firewall from other types of firewalls such as deep packet inspecting firewalls. |
Категории