Firewall Wizards mailing list archives
RE: Reverse proxy ??
From: "Eric Toll" <etoll () syracusesupply com>
Date: Wed, 03 Nov 1999 22:53:51 -0500
What I gave was an example. I was just trying to point out that in general a reverse proxy has to be told what to do, and here is a paste from novell, I can do it both ways, inside or outside the firewall. HTTP Accelerator or Reverse Proxy The proxy server can be configured as an HTTP accelerator to protect an intranet server from the Internet and reduce the load on the public Web servers maintained on the intranet. HTTP acceleration, also known as reverse proxy cache acceleration or Web server acceleration, creates a front-end processor to a Web server. An HTTP accelerator server lies between one or more Web servers and the Internet and represents the Web servers to any clients accessing them. An HTTP accelerator can also be used to create a local mirror site of a remote server. When the Internet user queries DNS for the Web server address, it returns the address of the requested Web server. The HTTP accelerator listens for HTTP requests on port 80 (or another configured port) and processes all incoming Web requests. Requests for objects that can be cached---static information that does not change often, such as HTML pages and GIF images---are processed by the proxy. Requests for objects that cannot be cached---dynamic information that changes frequently---are processed by the origin Web server on port 80. In general, approximately 90 percent of a typical Web server content is static and 10 percent is dynamic. You can set up an HTTP accelerator server to retrieve information or references to cachable objects from a Web server and cache the information on a BorderManager server. This reduces loading on the Web server. The HTTP accelerator server forwards only requests and references that are not in the cache to the Web server. If your site receives requests for a high percentage of objects that can be cached, the HTTP accelerator reduces the Web load. For even greater performance, you can cache objects of a more volatile nature, such as stock quotes, and specify an accuracy delay time to users. BorderManager reverse proxy can handle more TCP connections than an origin Web server (typically UNIX or Windows NT). HTTP acceleration has the following benefits: Provides caching for Web servers Reduces the load on the Web servers and speeds them up Protects Web servers Protects IP networks in conjunction with the other BorderManager services
<Richard.Smyth () nokia com> 11/03/99 07:55PM >>>
-----Original Message----- From: EXT Eric Toll [mailto:etoll () syracusesupply com] Sent: Wednesday, November 03, 1999 4:11 AM To: joe () joesnet com Cc: < Subject: RE: Reverse proxy ?? I feel no one has clearly said what a Reverse Proxy is. Proxy: is a entity which takes client requests, goes and gets it on the net and saves it to its disk, (in case anyone else wants the same item - caching) then serves it up to the client. (FTP, WWW, etc) Reverse Proxy: Gee wilickers I've got 200+ users going out to a large web site all the time. I know what to do, I'll cache the whole site and I'll tell the proxy server (on my users behalf) to go out and start copying the whole entire site at midnight, tell it not to expire for 4 days, and save all this info to the proxy servers disk array. Now when everyone starts hitting this particular site, the content is served up via high speed local net, instead of going out across the internet connection.
What you just described is NOT reverse (or "inbound") proxy. That's a normal proxy with something resembling predictive caching. A normal proxy accepts requests from inside your network for web sites outside. A reverse proxy accepts requests from outside for a web server inside. As walter said, it's sometimes called web acceleration as the proxy server is often capable of delivering the static pages out faster than the web server. Reverse proxying is often authenticated. IE if I run a number of web servers on my "intranet" I may only want my users to see them. However, sometimes the users are outside the firewall - so I set up a proxy server on the border of my network, and configure it to ask for a password before it delivers the site. Then people get their internet connection anywhere and point their browser at that proxy server, get authenticated and read web sites inside my network. Regards, Richard.
Walter is right, I just thought I'd provide a real world example."Joe Ippolito" <joe () joesnet com> 10/31/99 09:33PM >>>which may actually be more than one web server behind your firewall acting in a round-robin mode? -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Walter Boyd Sent: Saturday, October 30, 1999 3:02 AM To: firewall-wizards () nfr net Subject: Re: Reverse proxy ?? Reverse Proxy, sometimes referred to as Web Acceleration, is the capability of taking an address outside your firewall, mapping it to a web server inside the firewall, and performing transparent caching of the web servers' static content in the process. The DNS address for the web server is the proxy address outside the firewall. Walter Boyd http://www.certifiednets.com/Sandy Green <sand232 () yahoo com> 10/28/99 05:27PM >>>There was a quetion here in this list about MS Proxy server with one or two NIC cards. In that context it was highlighted that with one NIC card "reverse proxy" will not be possible. But can someone explain as to what is reverse proxy ? ===== __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com
Current thread:
- RE: Reverse proxy ??, (continued)
- RE: Reverse proxy ?? Robyn Bailey (Nov 01)
- RE: Reverse proxy ?? Eric Toll (Nov 02)
- RE: Reverse proxy ?? Rafi Sadowsky (Nov 04)
- Re: Reverse proxy ?? Rui Pereira (Nov 04)
- RE: Reverse proxy ?? Anton J Aylward (Nov 04)
- RE: Reverse proxy ?? Don Tuer (Nov 05)
- RE: Reverse proxy ?? dreamwvr (Nov 06)
- Re: Reverse proxy ?? Brad Van Orden (Nov 04)
- RE: Reverse proxy ?? Eric Toll (Nov 05)
- RE: Reverse proxy ?? fernando_montenegro (Nov 05)
- RE: Reverse proxy ?? Eric Toll (Nov 05)
- RE: Reverse proxy ?? Scott, Richard (Nov 05)
- RE: Reverse proxy ?? Marcus J. Ranum (Nov 05)
- RE: Reverse proxy ?? Eric Toll (Nov 08)