What Is A Web Proxy Server And What Does It Do?


Responsive image

A web proxy server, also known as a proxy or application level gateway (Wikipedia), is a computer that is located between your computer and the Internet. It intercepts data transmissions between you and the service you want to use. Proxy servers don't just forward data, they open the contents of the data packets and forward them often modified. This is often desired to protect a network (company, organizations). Data that runs through a proxy server is differentiated according to different incoming and outgoing ports. An incoming port (e.g. 8080) is forwarded to another port, but not the complete data transfer of a device. "Ports" can be imagined as a virtual extension system for data transfer. There are ports (direct dialing) where only web page data is exchanged, others also transfer the communication to FTP servers etc. Example: Port 80 or 8080 is mostly used for text content of web pages. Port 21 is usually only used for FTP transfers. If the communication to a website is blocked, e.g. because it is only allowed for local IP addresses, then proxies can help by giving users a new virtual IP address or identity. But all users of the proxy server use this identity at the same time. So you can also access US blocked content through a US proxy server. While a proxy server actually always opens data packets and forwards them according to predefined rules, NAT routers only forward data unopened. The ideal field of application for proxy servers Proxy servers are often used in corporate networks, so you can control access to certain content or even running virus scans during user data transfer. The dangers of proxy services Encrypted websites are also readable and manipulable! If a user establishes an SSL connection to a website behind a proxy server, the proxy will do this encryption, but this also means that there is NO direct encryption between the user and the website. The contents that are exchanged are therefore readable and even manipulable by the proxy. Example: A bank transfer, which is usually also transmitted via an SSL connection between the user and the bank computer, can be routed through a proxy server and can thus be manipulated consciously and unnoticed even though the connection appears to be secure! This is a typical attack scenario for hackers, who use malicious software to enter a proxy server for the user and from then on his communication also takes place via the attacker's proxy. Proxies are easy to detect In addition, website operators can easily detect the use of proxy servers and thus block their use. Conversely, hackers (or simply lazy hackers with search software) can find users of proxies and then use them as targets. Proxy users in particular are usually exposed to a much higher number of attacks by unknown hackers than users who do not use any of these services. With different methods it is possible to find out the real IP address and therefore the identity of the user. While a user in a company network is only assigned an internal and inaccessible IP address and is therefore still protected, private users become a worthwhile target for attacks by their public vpm internet provider. Not all data is routed via proxies Most of the free proxy servers available on the Internet do not forward every port, so many data services such as e-mail or file sharing are not supported at all and these either do not work anymore or you provide the real IP address. Proxies save web pages and contents Proxies can cache all user activity, but even entire web pages or content. If the user now calls up a page whose contents have already been stored on the proxy, then without a direct connection to the web server, this stored or even manipulated web page is also delivered to the user. In companies and organizations this is used when hundreds of users access the same content from the Internet every day, and it also significantly reduces Internet data transfer. But of course it also delivers partly outdated data, because the proxy server usually reloads or updates them only after a defined period of time. In an attack scenario, however, this can also lead to massive security problems.  

Proxies are used in networks for many tasks:

Protection of the clients Users who are behind a proxy in a "private network" can be protected from the outside world (Internet) by proxies, since content sent in both directions can also be checked and possibly blocked. Protection of the servers Often servers that should also be available on the Internet are hidden behind proxies, i.e. ports that are open on the server are translated and then made accessible through other ports on the Internet. In between, all incoming and outgoing data transfer, and thus also hacking attempts etc. can be logged or can cause automatic actions. Bandwidth control In order to find the bandwidths of intensive services or users in a network, proxies can also keep real-time statistics about them and thus identify these users. Processing of data It is also possible to deliberately modify data in a different format while it is still being accessed by a user/server in the network behind the proxy and thus make it readable or importable. Content control All data content sent through the proxy can also be checked for content (keywords, search terms, web pages, etc.). Exact statistics and usage activities can be created and evaluated. Logging Activities can be consciously recorded and thus also proven. A typical case would be if the use of Facebook was prohibited in a company. With the logs of the proxy server one can prove exactly who did what and when. Even if the pages would generally offer SSL encryption, this can be "broken" by the proxy. Translations of services Sometimes it is important to modify or translate external services before connecting to an internal service. Since it is not always possible to make changes to the source data to ensure compatibility. This can also be done mostly via proxy services. You have to trust the proxy operator! If you use a proxy, it is very important to trust the owner of the proxy. Why? Even if your data comes to and from the proxy encrypted, the proxy has to decrypt it to send it. This means that your private data is fully exposed on the proxy server. If you trust the proxy operator 100% then this is not a problem and you gain more security. But who knows who runs the proxy servers you find on the internet and even for free? Of course there are secret services among the providers, but also hackers, cheaters or even deceived people who do not even know that your own computer is used as a proxy and therefore the true identity of the hackers remains in the dark. If you cannot trust the proxy provider, then you are much safer if you do NOT use a proxy instead! Note: You should mention the difference between a proxy server on the Internet and a router with network address translation (NAT). (Often these are used for small networks or as WLAN routers) A proxy server sends and receives Internet traffic, acting as an intermediary on behalf of the users' devices. A NAT router translates IP addresses between the local network (Users) and the Internet (Public), a single IP address that represents multiple addresses on the local network. A NAT router, such as a WLAN router at home, does very little to protect you online. Advantages of proxy servers You can also open/retrieve web pages via proxy servers, often with web pages blocked for your own IP address Your identity is protected as long as the proxy operator is trustworthy or the identity of the individual user is not specifically investigated. Proxies are very easy to set up. Disadvantages of proxy servers: Network administrators or website operators can easily block the use of proxies. An untrustworthy operator or proxy server can pose a much greater threat to your privacy than not using one at all! Hackers use free proxies to hack victims! The proxy server can always recognize your identity and can also save or even manipulate all user activities! A VPN service offers a better protection of your identity. Online. Web-Proxies are a tool to secure the internet connection you use. Usually you can use proxy on all devices as well as Windows computers, Macbook, Linux computers or even on the tablet or smartphone. Basically on any device that has an internet browser. This way you can easily unlock content without installing any software or additional app and access YouTube, Facebook, eBay, Twitter or many other websites, even if you are in a country where these websites are blocked (Turkey as an example). However, the data about the access to the proxy server is usually not encrypted. Therefore, your own privacy should not be the most important argument for you. It is nevertheless possible for third parties to view or save your user activities. Some proxy providers like ZenMate on the other hand offer to encrypt the data between the user's browser and the proxy service via SSL. This helps with the transfer of data, but does not protect against being spied on directly by the proxy operator either, furthermore only a small part of the data transfer is carried out via the ports 80 or 8080 used by the internet browser, all other applications such as e-mail, FTP or all programs on the operating system usually communicate via other ports and are therefore neither protected nor anonymized! Therefore, local applications are installed as a solution which convert this data traffic and also lead encrypted to the proxy servers. However, this limits the usage to a few devices and furthermore, data manipulation by the operator is still not excluded, even when using SSL protected websites! A VPN server can reliably protect all data traffic on most devices. Since all data sent or received by a VPN service is encrypted and this data is not opened on the VPN server but only forwarded 1:1, the user is assigned a unique and public IP address (identity) of the VPN server. Incoming data traffic can be checked at the VPN server like a firewall, but the data packets are not opened but only certain ports are blocked or attacks are automatically reacted to and data transmissions are blocked. Compared to proxy servers, this is a limited, but much more "private" protection of personal data and activities.