HTML and CSS Reference
In-Depth Information
Figure 7-2.
Network topology with proxy servers
Figure
7-2
shows three types of proxy servers:
•
Forward proxy server: Typically installed, configured, and
controlled by the server administrator. A forward proxy server
directs outgoing requests from an intranet to the Internet.
•
Reverse proxy server: Typically installed, configured, and
controlled by the server administrator. A reverse proxy server (or
firewall) is typically deployed in a network DMZ in front of the
server and performs security functions to protect internal servers
from incoming attacks from the Internet.
•
Transparent proxy server: Typically controlled by a network
operator. A transparent proxy server typically intercepts network
communication for caching or preventing company intranet users
from accessing the Web for specific purpose. Network operators
may use a transparent proxy server to cache commonly accessed
websites to reduce network load.
All these intercepting proxy servers can be confused by WebSocket traffic, which
can be especially true with transparent proxy servers. For example, attackers may poison
an HTTP cache on a transparent proxy server. HTTP cache poisoning is a type of attack
in which an attacker exercises control over an HTTP cache to serve dangerous content
in place of the requested resources. Cache poisoning became a major issue during the
standardization of WebSocket after a group of researchers wrote a paper outlining a
theoretical attack on transparent intercepting proxies using HTTP upgrade requests. This
paper,
Talking to Yourself for Fun and Profit
(Huang, Chen, Barth, Rescorla, & Jackson, 2011)
