The first kind of Web proxy principle is particularly simple

Ordinary agent

The HTTP client sends a request message to the proxy. The proxy server needs to properly handle the requests and connections (for example, correctly handle Connection: keep-alive), send a request to the server, and forward the received response to the client.

The following picture from the “HTTP authority guide”, visually shows the above behavior:

If I access the A website through a proxy, for A, it treats the proxy as a client, completely undetectable of the real client, which achieves the purpose of hiding the client IP.

Of course, the agent can also modify the HTTP request headers, by X-Forwarded-IPtelling a true client server IP such as custom head.

However, the server can not verify that this custom header was actually added by the proxy or the client modified the request header, so extra care should be taken when obtaining the IP from the HTTP header field.

This part can refer to my previous ” HTTP request header X-Forwarded-For ” article.

Explicitly designated browsers to the browser, you need to manually modify the browser or operating system settings, or specify the PAC (Proxy Auto-Configuration, automatic configuration file) automatically set, and some browsers support WPAD (Web Proxy Autodiscovery Protocol, Web Proxy auto-discovery protocol).

Explicitly specify the browser proxysite This method is generally called forward proxy, the browser enables the forward proxy, the HTTP request message will make some changes to avoid some of the problems of the old proxy server, this part can refer to My previous ” Http request header Proxy-Connection ” this article.

Another situation is that when visiting a website, the actual visit is the proxy. After the proxy receives the request message, it sends a request to the server that actually provides service, and forwards the response to the browser.

This situation is generally referred to as reverse proxy, which can be used to hide server IP and port.

After the general use of reverse proxy, you need to resolve the DNS domain name resolution to the proxy server IP, then the browser cannot detect the existence of the real server, of course, do not need to modify the configuration.

Reverse Proxy is the most common way to deploy a Web system, such as this blog is to use Nginx’s.