HTML and CSS Reference
In-Depth Information
Proxies and Other Network Intermediaries
In Chapter 7, we discussed proxy servers and how they relate to WebSocket security.
Proxies fall into the category of “middleboxes,” which are network intermediaries that sit
between your web applications and servers.
There are two distinct classes of middleboxes that can impact deployment:
intermediaries that sit between your servers and the Internet, and intermediaries that
sit between your users and the Internet. On the server side, you or your organization
typically controls firewalls and reverse proxies that are part of your server infrastructure.
These server-side intermediaries are added in order to support your infrastructure or
enforce security policies.
On the client side, users are frequently behind firewalls and forward proxies. Their
connections pass through these intermediaries on the way out to the network. With the
exception of some closed environments, you cannot control the networks used to connect
to your servers. You can, however, make decisions when deploying your WebSocket
servers that can make connections through those networks smoother and more
frequently successful.
When considering deploying your WebSocket application, you'll want to take into
account the various possible intermediaries that can handle traffic between your clients
and servers.
Reverse Proxies and Load Balancing
Reverse proxies are specific types of servers that accept web client connections on behalf
of one or more servers. There are several uses for reverse proxies including hiding the
existence and characteristics of the origin servers, application firewall, TLS (or SSL)
termination and offloading, load balancing, caching static content, and enabling dynamic
content through WebSocket. Reverse proxies can also be used whenever multiple web
servers must be accessible from a single public IP address and port.
Figure
8-1
shows a simple topology with reverse proxy server in front of an HTTP
server and a WebSocket server.
