A proxy server is an in­ter­me­di­ary between a client (e.g., a computer) and a target server, for­ward­ing requests and sending back responses. It can be used for an­onymisa­tion, enhancing security, re­strict­ing access, or speeding up con­nec­tions through caching.

Cheap domain names – buy yours now
  • Free website pro­tec­tion with SSL Wildcard included
  • Free private re­gis­tra­tion for greater privacy
  • Free Domain Connect for easy DNS setup

A proxy server refers to a com­mu­nic­a­tion interface in a network that mediates between two computer systems. The fun­da­ment­al task of the proxy server is to receive client requests on behalf of a server and forward them with its own IP address to the target computer. In this type of com­mu­nic­a­tion, there is no direct con­nec­tion between the sender and the receiver. Oc­ca­sion­ally, the re­quest­ing system and the target computer are unaware that they are dealing with a proxy.

How does a proxy server work?

A proxy server acts as an in­ter­me­di­ary between a client (e.g., a computer or smart­phone) and the target server on the internet.

When a user makes a request, such as accessing a webpage, it is not sent directly to the target server but first to the proxy server. The proxy processes the request, can modify or analyse it, and then forwards it to the actual server. Once the response from the target server arrives, the proxy receives it, may process it again, and sends it back to the user.

Image: Schematic representation of how a proxy server works
A proxy server is an in­ter­me­di­ary between client and server that forwards requests and responses.

Some proxy servers cache fre­quently requested content to provide it faster for later requests and reduce server load. Depending on con­fig­ur­a­tion, the proxy can also filter network traffic, such as blocking or re­dir­ect­ing certain requests. Moreover, it can replace the user’s original IP address with its own, so the target server only sees the proxy IP.

What dif­fer­en­ti­ates proxy servers and VPNs?

A proxy server and a VPN (Virtual Private Network) may seem to have similar functions at first glance, but they differ in their operation and level of pro­tec­tion. While a proxy only redirects the traffic of in­di­vidu­al ap­plic­a­tions or browser requests, a VPN encrypts the entire internet traffic of the device. This provides higher privacy pro­tec­tion and secures data against eaves­drop­ping attempts, even in insecure networks.

Another dif­fer­ence lies in IP masking. While a proxy server merely changes the IP for specific requests, a VPN replaces the user’s entire IP address. Ad­di­tion­ally, VPNs are often more powerful for security-critical ap­plic­a­tions because they protect data from hackers and sur­veil­lance programs. However, this also affects speed. VPNs are generally slower than proxies due to ad­di­tion­al data en­cryp­tion. Proxies, on the other hand, are faster and easier to set up.

How to set up a proxy server

Setting up a proxy server depends on the operating system or the ap­plic­a­tion being used.

  • Windows: On Windows, a proxy server can be con­figured through network settings. Open Settings, go to Network & Internet, and select the Proxy section. There, you can either enter an automatic con­fig­ur­a­tion URL or manually set up a proxy server with IP address and port.
  • macOS: On macOS, set up is done through System Pref­er­ences under Network, where the proxy server is activated and con­figured in the advanced options.
  • Browser: In web browsers, the proxy server can be set up by using the browser settings. This is par­tic­u­larly useful for bypassing network re­stric­tions.
  • Mobile devices: On mobile devices, the proxy server is set under the Wi-Fi settings for the re­spect­ive network.
  • Corporate context: For busi­nesses or larger networks, a proxy server can be set up on a separate computer or firewall, often with spe­cial­ised software like Squid or Microsoft Forefront TMG. Some proxies require au­then­tic­a­tion, where a username and password must be entered. After con­fig­ur­a­tion, the con­nec­tion should be tested by accessing a webpage or checking the IP address to ensure the proxy server is func­tion­ing correctly.

Ad­vant­ages and dis­ad­vant­ages of proxy servers

Proxy servers offer a wide range of ad­vant­ages. Par­tic­u­larly note­worthy is an­onymisa­tion, as the proxy server can mask users’ IP addresses, thereby pro­tect­ing their identity on the internet. Ad­di­tion­ally, proxies enable caching of web pages, which reduces traffic and speeds up load times. A proxy server can also be used for load balancing, dis­trib­ut­ing incoming requests across multiple servers to evenly dis­trib­ute the load.

In busi­nesses and edu­ca­tion­al in­sti­tu­tions, proxy servers are often used to control access to certain websites and filter out unwanted content. Geo­graph­ic re­stric­tions can also be bypassed with a proxy by altering the user’s location. Another advantage is pro­tec­tion from harmful websites, as the proxy server can block sus­pi­cious traffic.

However, there are also some dis­ad­vant­ages. Free or insecure proxy servers can pose a security risk, as they may intercept data and even collect personal in­form­a­tion. Unlike VPNs, many proxies do not offer end-to-end en­cryp­tion, leaving traffic vul­ner­able to in­ter­cep­tion by third parties. Ad­di­tion­ally, proxies can slow down internet speed due to high user numbers or poor con­fig­ur­a­tion. Some websites detect and block proxy IPs, so access to certain content remains re­stric­ted. Moreover, setting up your own proxy server can be com­plic­ated for in­ex­per­i­enced users.

Ad­vant­ages Dis­ad­vant­ages
An­onymisa­tion Security risk when using insecure software
Speed increase through caching Slowdown of internet speed
Access control to websites Blocked proxy IPs sometimes un­in­ten­tion­ally prevent access
Bypass geo­graph­ic­al re­stric­tions Sometimes no end-to-end en­cryp­tion
Blocking sus­pi­cious content
Load balancing

Ap­plic­a­tions of a proxy server

There are various reasons to implement a proxy server. As an in­ter­me­di­ary between two com­mu­nic­a­tion partners, this network component can implement a range of ad­di­tion­al functions.

Load balancing and filtering

A proxy server enables data exchange between two systems even when a direct con­nec­tion is im­possible due to in­com­pat­ible IP addresses—for example, if one component uses IPv4 and the other uses the new IPv6 standard. Data taking a detour through a proxy can also be filtered and cached to block certain web content for clients or auto­mat­ic­ally reject sus­pi­cious server requests.

Fur­ther­more, in the context of load balancing, a proxy server can dis­trib­ute incoming requests across various target systems to ensure a sensible overall network load. Ad­di­tion­ally, a proxy server is a central component of the firewall, pro­tect­ing computer systems from public network attacks.

Proxy as cache

Another standard function for a proxy server is caching. To quickly respond to recurring requests from a local network, a properly con­figured proxy server tem­por­ar­ily stores a copy of the data it receives from servers on the internet in its cache. Fre­quently requested web content doesn’t need to be reloaded every time but can be directly delivered. This saves time and bandwidth.

Bandwidth control and load dis­tri­bu­tion

When a proxy server is used for bandwidth control, it allocates pre­defined resources to network clients based on load. This ensures that in­di­vidu­al ap­plic­a­tions do not com­pletely block the bandwidth. As a central interface, a proxy server also enables the re­dis­tri­bu­tion of resource-intensive client requests or server responses across different systems, allowing for even load dis­tri­bu­tion within a computer network.

An­onymisa­tion

Since proxy servers prevent a direct con­nec­tion between sender and recipient, it is possible to hide a client’s IP address behind the com­mu­nic­a­tion interface. This allows for a certain level of anonymity, as users outwardly operate with the IP address and location of the proxy. In countries with strict internet cen­sor­ship or re­stric­ted access to copy­righted content, proxy servers abroad are sometimes used to bypass geo-blocking.

What are the different types of proxy servers?

In addition to a general proxy defin­i­tion, various names circulate for different types of proxy servers, which are often not clearly dis­tin­guished from one another. They relate to the technical im­ple­ment­a­tion of the network component as well as ap­plic­a­tion-specific dif­fer­ences.

Forward vs reverse proxy

Proxy servers can be im­ple­men­ted in two dir­ec­tions. A forward proxy serves to protect a client network from in­flu­ences from the internet. If the target system, such as a web server, is to be protected by an upstream proxy server, it is called a reverse proxy.

  • Forward proxy (client pro­tec­tion): When a proxy server is installed as an interface between a private network (LAN) and the internet, local devices can be ef­fect­ively shielded from in­flu­ences from the public network. Requests from the LAN are received by the proxy and forwarded with its IP address as the sender address to the target machine on the internet. Response packets from the internet are thus not addressed to the client in the LAN but also pass through the proxy server before being forwarded to the actual des­tin­a­tion. Generally, the proxy server acts as a control instance. Cor­res­pond­ing security systems do not need to be installed on every client in the network but can be im­ple­men­ted on a man­age­able number of proxy servers.
  • Reverse proxy (server pro­tec­tion): Web servers can also be ad­di­tion­ally secured by placing a proxy server in front of accesses from the public network. Clients from the internet do not directly access the target machine. Instead, requests are received by the proxy server, checked according to con­figured security rules, and forwarded to the back­ground server if deemed safe.

Ap­plic­a­tion level vs circuit level

Some proxy servers are tech­nic­ally designed to analyse data packets handed to them for for­ward­ing. Other proxy im­ple­ment­a­tions, however, do not have access to packet data. In such cases, filtering functions can be im­ple­men­ted based on the sender’s IP address and the addressed port.

  • Ap­plic­a­tion-level proxy: An ap­plic­a­tion-level proxy is located on the ap­plic­a­tion layer (Layer 7) of the OSI reference model. This type of proxy server has functions to analyse data packets and block, modify, or forward them according to pre­con­figured rules. An ap­plic­a­tion-level proxy is also called an ap­plic­a­tion or ap­plic­a­tion filter.

  • Circuit-level proxy: The circuit-level proxy operates on the transport layer (Layer 4) of the OSI reference model and, therefore, cannot analyse packet data. This type of proxy server is usually used as a firewall filter module and allows filtering of data packets through ports and IP addresses. Unlike the ap­plic­a­tion-level proxy, the circuit-level proxy cannot influence the com­mu­nic­a­tion itself. Instead, the filtering is based on an all-or-nothing principle. Data packets are either passed through or blocked.

Dedicated vs generic proxy servers

The clas­si­fic­a­tion based on the terms ‘dedicated’ and ‘generic’ refers to whether a proxy server is re­spons­ible for just one com­mu­nic­a­tion protocol (dedicated proxy) or if the network interface serves as a contact point for all com­mu­nic­a­tion protocols (generic proxy).

  • Dedicated proxy: A dedicated proxy server is con­figured for a specific com­mu­nic­a­tion protocol as its name suggests. Typically, different dedicated proxy servers are operated in parallel for various protocols like HTTP, FTP, or SMTP.
  • Generic proxy: Unlike dedicated proxies, a generic proxy server is not spe­cial­ised and is used for multiple com­mu­nic­a­tion protocols.

In practice, an ap­plic­a­tion-level proxy is usually im­ple­men­ted as a dedicated proxy server. Generic proxy servers, on the other hand, are used as circuit-level proxies. Con­sequently, the cor­res­pond­ing terms are sometimes used in­ter­change­ably.

Go to Main Menu