From 《HTTP Definitive Guide》:
Private HTTP proxies are not common, but they do exist, especially when running directly on the client computer. Some browser auxiliary products, as well as some ISP services, will run some small proxies directly on the user's PC in order to extend browser features, improve performance, or provide host advertisements for free ISP (Internet Service Provider) services.
How should I understand this?
Why can it extend the browser's features?
A private proxy acts as an intermediary between a client and the internet. Applying a private proxy means that one client is exclusively using the dedicated IP address at a given time. When a private proxy is in use, requests run through the proxy server (which masks the client’s original IP address) first, and only then connect to the internet resources to fulfill the client’s requests.
Private proxies provide you with the highest level of anonymity; they are used not only for personal but also for business purposes. While personal use cases usually involve anonymity and you can set up your Chrome browser to use a proxy which will route all traffic via a specific endpoint, business uses are different.
For example, ad verification companies use private proxies to check advertisers’ landing pages anonymously. Or, let’s take travel fare aggregators, whose businesses almost entirely depend on private proxies. For travel fare aggregators, proxies enable automated data collection from flight company websites, online travel agencies, and other sources without IP blocks or bans.
Based on my understanding, there are some tools that can send a request from an IP address and make the request appear to servers like from another IP address, including from localhost.
Now I have a server with a specific API that only allows requests from localhost but has some other APIs that allow requests from the internet.
The only way I can think of is to set the firewall so that any incoming packet will be blocked if the destination contains the "localhost only" API name. However, this forces me to design my server in such a way that no other API has a name containing the "localhost only" API name as a substring. This means the "localhost only" API cannot have a short name, and it can be a risk if I forget this fact and/or the code is maintained by other people in the future.
Ideally, I want to distinguish whether a request truly comes from localhost at the application layer and, if not, block further processing of the API.
What I want to know is whether this is possible or not, in terms of networking.
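One way to make that decision at the application layer, as an added example that is not part of the original post: the check uses the peer address of the accepted TCP connection and an exact-match route table, never a request header. The route names, port and header set are assumptions chosen for illustration.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Hypothetical route table: path -> True when the route is localhost-only.
ROUTES = {"/status": False, "/admin/reload": True}
# Headers a relaying proxy adds; their presence means the peer is not the origin.
FORWARDING_HEADERS = {"x-forwarded-for", "x-real-ip", "forwarded"}

def peer_is_loopback(peer_ip):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.x.x.x)."""
    addr = ipaddress.ip_address(peer_ip.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def decide(path, peer_ip, headers):
    """Return the HTTP status for a request, judged by the TCP peer address."""
    route = path.split("?", 1)[0]
    if route not in ROUTES:          # exact match, so no substring ambiguity
        return 404
    if not ROUTES[route]:
        return 200                   # public route
    if not peer_is_loopback(peer_ip):
        return 403
    # A reverse proxy on the same host makes every client look like 127.0.0.1,
    # so a relayed request is refused even though its peer is loopback.
    relayed = {name.lower() for name in headers.keys()} & FORWARDING_HEADERS
    return 403 if relayed else 200

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # client_address comes from the accepted socket, not from the request.
        status = decide(self.path, self.client_address[0], self.headers)
        self.send_response(status)
        self.end_headers()
        self.wfile.write(f"{status}\n".encode())

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

The header check only catches proxies that announce themselves; serving the localhost-only routes from a second listener bound to 127.0.0.1 avoids relying on it.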
Should I use HTTP or HTTPS to communicate between services on my virtual private network (VPC)? What are the risks (if any) of using HTTP in such scenario?
My naive reasoning is that given the inherent privacy of the network, HTTP should suffice for internal communication between servers inside of said network. Am I wrong to make such an assumption?
I've searched through GCloud VPC documentation, yet can't find anything regarding this question. I've also found this article on AWS HTTPS, yet again no indication as to whether one or other should be preferred.
I'd link up more sources, but I cannot find any articles arguing for either.
As per my understanding, a VPC network isolates the traffic and puts some security measures in place that prevent your traffic from being seen from a different VPC. That being said, the security of the resources is a shared responsibility in cloud environments. In case there is a security breach inside GCP that allows someone to gain access to my VPC and sniff the traffic, if I'm using HTTPS, the communication is encrypted and I am adding another layer of security. Therefore, I would always go with the safest option (HTTPS).
I'm trying to solve an architecture design puzzle. It's about designing an infra for keeping data and servers as secure/hidden as possible. Here are the requirements:
I want to hide the internal design of my infra (several data servers with public and private hosts)
I want to access each service using the same IP address, and the query is forwarded to the right server based on something (cookie, URI, port or whatever)
Access to data services must be enforced with SSL/TLS encryption
After studying these requirements carefully, I was thinking about using a reverse proxy and granting access to all data services only across the reverse proxy server. Another pro of a reverse proxy is that access authentication is enforced at once with SSL/TLS encryption, with no need to configure each endpoint separately.
My real issue is that I didn't find any reverse proxy that supports TCP queries, and the same goes for static load balancing algorithms, which are supported only for HTTP requests (HAProxy, for instance).
Any idea how to solve this issue?
Thanks to all
My college has different proxies for accessing the Internet, like 192.168.0.2/3/4, and also a specific port number. What is the advantage of using this? I also would like to know what exactly happens there. I also heard that my institution has different ISP connections shared over the same network. What is the role of the proxy there?
It will be very easy to know if you understand what proxies do and why they are used generally, which can be found on a magical website called www.google.com. By using a proxy, you get more control over the network because all requests go through there. Your school may want to do stuff like traffic shaping, content filtering etc. Using the proxy server will make sure all requests to the internet are routed there first.
Proxies are good for a few things:
Filtering. By using a proxy, your college can filter out viruses, porn, Facebook or torrent downloads.
Logging. By requiring a username and password, the college can track what you do with your internet time, and can tell you off if you go somewhere you shouldn't, or help you by allowing them to do traffic shaping or other network maintenance.
Line Bonding. For example, if you have two ADSL lines of 5Mb, you can bond those to get a 10Mb line (normally this is done at the gateway stage, and not the proxy, but it is possible to do it at this stage of the network)
Failover. Again, this would normally be done at the gateway/router stage. This detects which lines are active and routes your traffic to those lines.
Network Connectivity. If your college is in-turn part of a bigger academic network, this could allow crossing those network boundaries to get internet access.
Although those are valid possibilities, it's probably just for Filtering...
In the wider internet, proxies are in use for allowing access to blocked content - like giving China access to Google...
I have a web form that needs to act differently if the request to that form came from an internal network address or from a public IP address. I'm trying within my web form to determine if the request is from an internal network IP. Can I reliably do this, or can clients fake their source IP? Can I trust the information contained in Request.UserHostAddress?
No, you can't unfortunately. It's pretty trivial to construct an HTTP request with spoofed headers.
IP spoofing is basically possible (Wikipedia), but has limited use (as far as I understand, it is very hard to actually pull any data that way).
The best thing would, of course, be to route/restrict traffic at the firewall or proxy level (establish a rule that allows only local traffic to your site) to create maximum security.
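The difference between the connection's remote address and a client-supplied header, as an added example that is not from the original answers: `peer_ip` stands for the TCP peer address (the value `Request.UserHostAddress` reports), and `X-Forwarded-For` is honoured only when that peer is a known proxy. The proxy and internal network ranges are assumed values, and the sample requests are constructed.

```python
import ipaddress

# Assumed deployment values (not from the original posts).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def _member(addr, nets):
    return any(addr in net for net in nets)

def client_ip(peer_ip, xff=None):
    """Start from the TCP peer and walk X-Forwarded-For right to left,
    accepting a hop only while the current address is a trusted proxy."""
    current = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    while hops and _member(current, TRUSTED_PROXIES):
        current = ipaddress.ip_address(hops.pop())  # ValueError if malformed
    return current

def is_internal_request(peer_ip, xff=None):
    """Fail closed: anything unparseable is treated as public."""
    try:
        return _member(client_ip(peer_ip, xff), INTERNAL_NETS)
    except ValueError:
        return False

# Constructed sample requests: (TCP peer, X-Forwarded-For header or None)
SAMPLES = [
    ("192.168.1.50", None),                          # direct internal client
    ("198.51.100.7", "192.168.1.50"),                # public client, forged header
    ("10.0.0.2", "192.168.1.50"),                    # internal client via proxy
    ("10.0.0.2", "192.168.1.50, 198.51.100.7"),      # forged entry, proxy appended real IP
    ("10.0.0.2", "not-an-ip"),                       # malformed header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"{peer:15} {str(xff):32} internal={is_internal_request(peer, xff)}")
```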