Proxy servers and HTTP tunnels help us access content on the World Wide Web (WWW) when navigating different networks of the internet. A proxy server is an application that can sit anywhere on the network between your local computer and the destination. It acts as an intermediary for requests from clients to servers, functioning on behalf of the client when requesting a service, potentially masking the true identity of the client. There are two types of proxies: forward proxies and reverse proxies.
Forward Proxy
A forward proxy, often called a gateway, proxy, or web proxy, provides proxy services to one or a group of clients. There are hundreds of thousands of proxies on the internet. They store (cache) content from internet services and forward requests from client machines, such as DNS and web page requests, to reduce and control the bandwidth used by the clients. Forward proxies can also be anonymous and allow users to hide their IP address while browsing the web or using other internet services. Tor (The Onion Router) routes internet traffic through multiple proxies for anonymity.
Reverse Proxy
Reverse proxies are for services instead of clients. A reverse proxy appears to clients as an ordinary server. It forwards requests to one or more ordinary servers, without clients knowing the details of the individual servers. Reverse proxies are often used for load balancing, static content caching, compression, security and SSL encryption.
HTTP Tunneling
HTTP tunneling is used to bypass firewalls, NATs, ACLs and other network restrictions by establishing a direct network link between your computer and the destination server. Tunnels are often created to ship a foreign protocol across a network that normally wouldn’t support it. You can take protocol A and wrap it - or put it in a tunnel - with protocol B.
The most common form of HTTP tunneling is the HTTP CONNECT method. The client asks an HTTP proxy server to tunnel a TCP connection to the desired destination. The server then proceeds to make the connection on behalf of the client. Once the connection is established by the server, the proxy server continues to proxy the TCP stream to and from the client. If a user tries to retrieve the page http://www.google.com, the proxy can send the exact same request and retrieve a response on the user’s behalf. The CONNECT mechanism is how a client behind an HTTP proxy can access websites using SSL or TLS (i.e. HTTPS). With SSL/HTTPS, only the two remote endpoints understand the requests, and the proxy cannot decipher them.
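The proxy's side of the CONNECT exchange described above, as an added example that is not code from the original page: it parses the request line and decides what to answer before any bytes are relayed. The names parse_connect, proxy_reply and ALLOWED_PORTS, the policy of allowing tunnels to port 443 only, and the sample requests are assumptions constructed for illustration.

```python
ALLOWED_PORTS = {443}  # assumption: this proxy's policy permits tunnels to HTTPS only


def parse_connect(raw: bytes):
    """Return (host, port) from a CONNECT request head, or raise ValueError."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")  # non-ASCII raises ValueError
    parts = head.split("\r\n")[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    # CONNECT carries an authority-form target: host:port, IPv6 literals in brackets.
    host, sep, port = target.rpartition(":")
    bracketed = host.startswith("[") and host.endswith("]")
    name = host[1:-1] if bracketed else host
    if not sep or not name or not port.isdigit():
        raise ValueError("target must be host:port")
    if any(c in name for c in "[]") or (":" in name and not bracketed):
        raise ValueError("IPv6 literal must be bracketed")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    return name, int(port)


def proxy_reply(raw: bytes) -> bytes:
    """First bytes the proxy sends back for a CONNECT request (only CONNECT is handled)."""
    try:
        _host, port = parse_connect(raw)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    if port not in ALLOWED_PORTS:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    # A real proxy opens the TCP connection to (host, port) here. After the 200 it
    # relays bytes in both directions unchanged, so the TLS session stays opaque to it.
    return b"HTTP/1.1 200 Connection established\r\n\r\n"


# Constructed sample requests (not captured traffic).
HTTPS_TUNNEL = b"CONNECT www.google.com:443 HTTP/1.1\r\nHost: www.google.com:443\r\n\r\n"
OTHER_TUNNEL = b"CONNECT host.example:22 HTTP/1.1\r\nHost: host.example:22\r\n\r\n"

if __name__ == "__main__":
    for req in (HTTPS_TUNNEL, OTHER_TUNNEL):
        line = req.split(b"\r\n")[0].decode()
        print(line, "->", proxy_reply(req).split(b"\r\n")[0].decode())
```

Because the proxy only sees the CONNECT line and then ciphertext, the host and port in that line are the main place where tunnel policy can be applied and logged.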