
# Proxy Servers

***

* [*Usage of Reverse Proxies*](#usage-of-reverse-proxies)
* [**Uses of Proxies**](#uses-of-proxies)

## Open Proxies

![openproxy](/files/FoM946hZPgurm7i0eDBG)

An **open proxy** is a forwarding proxy server that is accessible by any Internet user.

* ***Anonymous proxy*** – This server reveals its identity as a proxy server but does not disclose the originating IP address of the client. Although this type of server can be discovered easily, it can be beneficial for some users because it hides the originating IP address.
* ***Transparent proxy*** – This server not only identifies itself as a proxy server but, through HTTP header fields such as **X-Forwarded-For**, also allows the originating IP address to be retrieved. The main benefit of using this type of server is its ability to cache a website for faster retrieval.

## Reverse Proxies

![reverseproxies](/files/thtxgjxnNNFP5CSxNE8B)

A **reverse proxy (or surrogate)** is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers that handle the request. The response from the proxy server is returned as if it came directly from the original server, leaving the client with no knowledge of the original server.

#### Usage of Reverse Proxies

* Encryption/SSL
* Load Balancing
* Serve/cache static content
* Compression
* Security
* Extranet publishing: a reverse proxy server facing the Internet can be used to communicate to a firewall server internal to an organization, providing **extranet access to some functions while keeping the servers behind the firewalls**. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

## Uses of Proxies

#### Content-control software

A content-filtering web proxy server provides administrative control over the content that may be relayed in one or both directions through the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to [**acceptable use policy**](https://en.wikipedia.org/wiki/Acceptable_use_policy).

#### Bypassing filters and censorship

![Bypass censorship](/files/0KkVIKuke4fRtPzKzB29)

#### Logging and eavesdropping

Proxies can be installed in order to [eavesdrop](https://en.wikipedia.org/wiki/Eavesdropping) upon the data flow between client machines and the web. All content sent or accessed – including passwords submitted and [cookies](https://en.wikipedia.org/wiki/HTTP_cookie) used – can be captured and analyzed by the proxy operator, using a tool such as Burp Suite.

### Accessing services anonymously

* **Access control**: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the [web](https://en.wikipedia.org/wiki/World_Wide_Web). The organization can thereby track usage to individuals. Some anonymizing proxy servers may forward [data packets](https://en.wikipedia.org/wiki/Network_packet) with header lines such as **HTTP\_VIA**, **HTTP\_X\_FORWARDED\_FOR**, or **HTTP\_FORWARDED**, which may reveal the IP address of the client. Other anonymizing proxy servers, known as elite or high-anonymity proxies, make it appear that the proxy server is the client. A website could still suspect a proxy is being used if the client sends packets that include a cookie from a previous visit that did not use the high-anonymity proxy server. Clearing cookies, and possibly the cache, would solve this problem.
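The proxy types described under Open Proxies and the header and cookie signals described above can be checked on the server side. The following is an added example, not part of the original notes: it classifies a request by its `Via`, `X-Forwarded-For` and `Forwarded` headers (the HTTP names behind `HTTP_VIA`, `HTTP_X_FORWARDED_FOR` and `HTTP_FORWARDED`) and flags a session cookie that reappears from a different address. Function names and sample requests are assumptions made for illustration.

```python
import ipaddress
import re

def disclosed_client_ips(headers):
    """Return valid IPs disclosed in X-Forwarded-For / Forwarded (RFC 7239)."""
    h = {k.lower(): v for k, v in headers.items()}
    raw = [p.strip() for p in h.get("x-forwarded-for", "").split(",")]
    raw += re.findall(r'for="?\[?([^\]";,\s]+)', h.get("forwarded", ""), re.I)
    ips = []
    for item in raw:
        # Second candidate drops a trailing ":port"; "unknown" or obfuscated
        # identifiers fail both attempts and are skipped.
        for candidate in (item, item.rsplit(":", 1)[0]):
            try:
                ips.append(str(ipaddress.ip_address(candidate)))
                break
            except ValueError:
                continue
    return ips

def classify(headers):
    """Classify by what the request claims; these headers are sender-controlled."""
    h = {k.lower(): v for k, v in headers.items()}
    if disclosed_client_ips(headers):
        return "transparent"       # proxy announced itself and the client IP
    if any(name in h for name in ("via", "x-forwarded-for", "forwarded")):
        return "anonymous"         # proxy announced itself, client IP withheld
    return "no proxy headers"      # direct client or high-anonymity (elite) proxy

def cookie_reveals_proxy(session_id, peer_ip, last_seen):
    """True when a known session cookie arrives from a different peer address.

    A weak signal on its own: addresses also change for ordinary reasons.
    """
    previous = last_seen.get(session_id)
    last_seen[session_id] = peer_ip
    return previous is not None and previous != peer_ip

# Constructed sample requests; addresses come from documentation ranges.
SAMPLES = {
    "transparent": {"Via": "1.1 proxy.example", "X-Forwarded-For": "198.51.100.7"},
    "anonymous": {"Via": "1.1 proxy.example", "Forwarded": "for=unknown"},
    "elite_or_direct": {"User-Agent": "ExampleBrowser/1.0"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", classify(hdrs), disclosed_client_ips(hdrs))
```

Because any sender can set these headers, a disclosed address should be treated as a claim unless the direct peer is a proxy the server operator controls.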

### Security

A proxy can limit access to **cross-domain resources** based on configured rules and restrictions.


