What is an HTTP Proxy?

Definition

An HTTP proxy, also known as an Internet proxy, is a special type of server that sits between Web servers and clients, intercepting requests from clients, forwarding them to Web servers and sending the results back to the client. This functionality plays a valuable role in boosting performance, security, and privacy.

Overview

Although Web clients often connect directly to Web servers, this approach can pose certain performance and security risks for both clients and servers. HTTP proxies offer a means of managing these risks, helping to boost security and efficiency for everyone involved in connecting to websites and Web apps.

An HTTP proxy is an intermediary between a Web server and a client. Its job is to forward requests from clients to servers, as well as to send server responses back to clients. In the process of managing these requests, HTTP proxies can perform actions that improve performance or security.

To understand fully what HTTP proxies do, it’s helpful to know how Web traffic works. The Web – meaning the part of the Internet that hosts websites, Web apps, and other content served via the HTTP protocol – works based on a client-server model. This means that Web servers host content (such as HTML and JavaScript files that constitute a website) and deliver it upon request to clients. When you open a website in a browser on your computer, your browser is the client, and it connects to the Web server that hosts the site to request the content.

HTTP proxies are not a requirement for transmitting traffic between Web servers and clients or vice versa. By default, most Web traffic does not move through a proxy; instead, clients typically connect directly to servers, and server responses go directly back to clients. However, a proxy can be implemented by either a Web client or a server to act as an intermediary.

Benefits and drawbacks of HTTP proxies

There are several advantages to passing Web traffic through an Internet proxy instead of letting clients talk to servers directly:

  • Heightened security: Proxies can block malicious requests before they reach servers, making it more difficult for attackers to perform actions like injecting malicious code into a website. They also obscure the identity of servers because clients on the Internet can only “see” the proxy, not the server itself. This makes it harder for threat actors to collect information about the software configuration of a Web server and carry out attacks based on it.
  • Improved privacy: By filtering sensitive data, such as personal names, out of Web requests and responses, HTTP proxies can help to protect user privacy. The ability to pass traffic through a proxy can also hide client and server identities from each other, providing benefits like the ability for users to connect to websites without revealing their IP addresses or geographic location.
  • Better performance: Proxies can boost website and Web app performance through actions such as caching frequently requested content, compressing data to save bandwidth, and blocking or dropping redundant requests.

The major disadvantage of an HTTP proxy or Internet proxy is that it can reduce performance under some circumstances. The work that HTTP proxies perform to inspect and filter Web traffic can add to the time it takes for data to flow from clients to servers and vice versa, potentially leading to issues like slower page loading times. In addition, if moving traffic through a proxy forces it to take a much longer route than it would when flowing directly between a client and server, latency and error rates may increase.

How HTTP/Internet proxies work

HTTP proxies operate based on the following steps:

  1. The proxy receives a Web request, such as a request from a user to display the contents of a page on a website.
  2. The proxy analyzes the request and determines whether it should perform actions on the request content, such as filtering information from the request or (if it is a malicious request) blocking it entirely.
  3. The proxy sends the request, with any modifications, on to the Web server, unless the proxy has determined that it is necessary to block the request, in which case it simply drops it.
  4. The proxy receives the server’s response and sends it back to the client. In some cases, the proxy server might modify the response, such as by compressing data to reduce network load; however, it is more common for a proxy to modify incoming requests rather than the resulting response.

What can an HTTP proxy do?

The most important component of an HTTP proxy server’s functionality is the second step listed above – the process of analyzing requests and modifying their content.

The modifications that proxy servers make reflect rules configured in the servers. Examples of common proxy server content changes include:

  • Request blocking: HTTP proxies can be configured to drop requests that originate from certain IP addresses or domains, or that contain certain types of files. For instance, a proxy could block a client from uploading a .exe file.
  • Data filtering: A proxy server can delete or anonymize sensitive data, such as a personal name or address, from an HTTP request before forwarding it to a server.
  • Data compression: Compressing data can reduce the amount of information that needs to flow over the network, leading in some cases to better performance.
  • Encrypting data: Some HTTP proxy servers can encrypt requests that arrive in unencrypted form. Data encryption prevents attackers who can view the data as it flows over a network from being able to read it, unless they have access to the decryption key.
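
The request blocking and data filtering rules above, as an added example that is not code from this page or from any proxy product. The rule values, the `apply_rules` function and the sample addresses are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed rule set; a real proxy loads these from its configuration.
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_UPLOAD_EXT = (".exe",)
SENSITIVE_PARAMS = {"name", "address"}
FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)


def apply_rules(client_ip, method, url, headers, body=b""):
    """Return ("block", reason) or ("forward", rewritten_url)."""
    # Request blocking by source address.
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in BLOCKED_NETS):
        return "block", "source address is on the block list"

    # Request blocking by uploaded file type (multipart part file names).
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if method in ("POST", "PUT") and ctype.lower().startswith("multipart/form-data"):
        for name in FILENAME_RE.findall(body.decode("latin-1")):
            # Normalise first so "SETUP.EXE" or "a.exe." is not missed.
            if name.strip().rstrip(".").lower().endswith(BLOCKED_UPLOAD_EXT):
                return "block", f"upload of {name!r} is not allowed"

    # Data filtering: redact sensitive query parameters before forwarding.
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return "forward", urlunsplit(parts._replace(query=urlencode(query)))
```

Matching on the declared file name only catches uploads that keep the extension; a proxy that has to stop executables also inspects the uploaded content itself.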

HTTP proxies vs. reverse proxies

The term HTTP proxy can refer in a general sense to any proxy server that acts as an intermediary for Web traffic. However, in a stricter sense, HTTP proxies are distinct from reverse proxies.

Narrowly defined, an HTTP proxy is a proxy server that sits between a client and a Web server, allowing clients to send requests to servers without revealing their identity or location to the Web server. In contrast, a reverse proxy sits in front of one or more Web servers and accepts incoming requests on their behalf, making it possible to shield the Web servers from direct client requests.

The difference between HTTP proxies and reverse proxies boils down to use cases. The main purpose of an HTTP proxy is to help clients obfuscate their identities, typically for privacy purposes or to connect to a Web server that is blocked in a user’s region. A reverse proxy’s primary purpose is to strengthen enterprise security by isolating Web servers from the Internet and blocking malicious requests before they reach Web servers.

Types of HTTP proxies: Transparent vs. non-transparent

From the perspective of both the Web client and the server, proxies can be either transparent or non-transparent.

With a transparent proxy, the client cannot tell that its requests flow through an HTTP proxy before reaching Web servers. This setup is common where a business deploys Internet proxies to accept incoming Web requests and forward them to its Web servers, which in this scenario would typically be located behind a firewall and not directly reachable from the Internet (in this case, the business would be creating a reverse proxy). Using this approach, the business can filter malicious requests and isolate its Web servers from the Internet, and clients connecting to the organization’s Web servers cannot tell that their requests are passing through proxy servers.

A non-transparent proxy is one where the client and/or server are aware that traffic between them flows through a proxy. A common scenario for using a non-transparent proxy is one in which a user chooses to direct Web requests to a proxy server as a way of hiding his or her identity from Web servers. The proxy would be apparent, instead of transparent, to the client because the user knowingly configured an Internet proxy.

The Web server may also be able to determine that an HTTP proxy is in use by the client because the HTTP headers for incoming requests often include information indicating that a request comes through a proxy. However, some proxy servers attempt to obscure their identities and make the requests that they serve appear to come directly from clients, so Web servers can’t always determine whether requests came from a proxy.
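
A server-side view of those headers, as an added example that is not from the original page: it reports which proxy-indicating headers a request carries and derives the client address without trusting values the client could have forged. `Via`, `Forwarded` and `X-Forwarded-For` are real header names; the function names, addresses and trusted ranges are constructed.

```python
import ipaddress

# Via (RFC 9110) and Forwarded (RFC 7239) are standardised;
# X-Forwarded-For is a widely used de facto header.
PROXY_HEADERS = ("via", "forwarded", "x-forwarded-for")


def proxy_evidence(headers):
    """Return the proxy-indicating header names present in a request."""
    present = {k.lower() for k in headers}
    return [h for h in PROXY_HEADERS if h in present]


def effective_client_ip(peer_ip, headers, trusted_proxies):
    """Pick the client address, trusting X-Forwarded-For only for our own proxies.

    The header is client-controlled, so walk it right to left and stop at the
    first hop that is not one of the trusted proxy ranges.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in trusted)

    if not is_trusted(peer_ip):
        return peer_ip  # direct client or unknown proxy: ignore the header
    xff = next((v for k, v in headers.items() if k.lower() == "x-forwarded-for"), "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return peer_ip  # malformed entry: fall back to the socket peer
    return peer_ip
```

An empty result from `proxy_evidence` does not prove a direct connection, since a proxy that hides itself adds none of these headers.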

Improving security with JFrog and HTTP proxies

JFrog protects your software supply chain and artifacts by centrally managing and scanning packages, container images, source files, and other critical software resources. At the same time, setting up an HTTP proxy helps protect your most sensitive assets – your websites and apps – against abuse by outside attackers.

To learn more about how JFrog and HTTP proxies work together in helping boost enterprise security, please take an online tour or schedule a demo at your convenience.
