Friday, July 3, 2020

VPN vs Proxy

A VPN (virtual private network) and a proxy are two pieces of tech, each with its own applications, differences, and pros and cons. Both make requests on behalf of the client, but they are implemented very differently.

In a VPN, the client becomes part of a completely different network, so if the client makes a request to a server, the new network makes the request. A VPN makes a machine part of another network at the lowest level of the network (layer 2): you get a brand-new IP address and a brand-new MAC address. With a proxy, the client makes the request to the proxy, asking it to go to a destination server, and the proxy makes the request to the server.

VPN Pros

- Encrypts traffic
- Redirects all traffic at the lowest level (layer 2)
- Access restricted content
- Access private networks (work)

VPN Cons

- Anonymity (uhmm)
- Slow, extra hops
- Double encryption
- VPN can log your data (DNS)

Proxy Pros

- Caching (Layer 7)
- Anonymity (not in the case of a public proxy)
- Blocking websites (transparent proxy)
- Control and many applications (load balancing, service mesh, firewall proxy security)
- Works on Layer 7 and Layer 4

Proxy Cons

- Applications can bypass the proxy
- Not all traffic is routed. HTTP proxy, HTTPS proxy, SOCKS proxy
- No encryption by default

What is an HTTP Proxy?

A proxy is software that intercepts traffic and forwards it to the destination on behalf of the client. This extra layer provides several advantages such as caching, load balancing, content filtering and much more. We made a video about proxy vs reverse proxy; check it out if you want to learn more about the difference. In this video we will explain the different types of HTTP proxies and the benefits and use cases of each, coming up.

- Transparent proxy (gateway)
- HTTP insecure proxy
- Service Mesh Proxy

Transparent proxy

It is mostly used by ISPs; clients don't know they are connected to a transparent proxy. It works by looking at TCP/IP (layer 4/3) and forwarding the traffic to the destination. It might do some content filtering based on the IP address or the port, so it blocks certain sites, but that's pretty much it. A transparent proxy cannot know which pages you are viewing or which YouTube videos you are watching. It can block you from watching YouTube altogether, but it cannot block you from watching, let's say, a specific YouTube channel that is critical of the government where the ISP is located. A transparent proxy doesn't change the content.


HTTP Proxy (insecure)

This kind of proxy is used a lot, especially in service meshes like linkerd. It has to be configured in the client before the client will use it. Each request is always sent to the proxy's IP address and port. So when you want to make a GET request to husseinnasser.com and you have a proxy configured, the destination IP and port in the TCP packet for that request are those of the proxy. The proxy looks at the GET request, specifically the Host header, and establishes another TCP connection to the actual destination at husseinnasser.com. So this kind of proxy maintains two TCP connections: client to proxy, and proxy to destination. The proxy has access to the content, so it can block the website and it can know exactly which page you are viewing. It knows everything because HTTP is insecure. Assuming YouTube used just HTTP, a proxy in this setup could block a specific channel or even a single video from being viewed.
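What the proxy described above can read from a plain-HTTP request, as an added example that is not from the original post: it parses the request head, picks the upstream for the second TCP connection, and applies a per-path block rule. The blocklist entry and the sample requests are constructed, and the CONNECT case goes beyond the text to show that an HTTPS tunnel request exposes only the host and port.

```python
from urllib.parse import urlsplit

# Constructed policy (hypothetical values): block one channel, not the whole site.
BLOCKED = [("youtube.com", "/channel/example-blocked")]

def parse_head(raw: bytes):
    """Split raw request bytes into (method, target, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def inspect_request(raw: bytes) -> dict:
    """Return the upstream the proxy would dial, the path it sees, and its decision."""
    method, target, headers = parse_head(raw)
    if method == "CONNECT":
        # HTTPS via proxy: only host:port is readable; the path stays inside TLS.
        host, _, port = target.rpartition(":")
        return {"upstream": (host, int(port)), "path": None, "action": "tunnel"}
    url = urlsplit(target)
    if url.hostname:                      # absolute-form target sent to a proxy
        host, port = url.hostname, url.port or 80
    else:                                 # origin-form target: fall back to Host
        host, _, p = headers["host"].partition(":")
        port = int(p) if p else 80
    host = host.lower()
    path = url.path or "/"
    blocked = any((host == d or host.endswith("." + d)) and path.startswith(pre)
                  for d, pre in BLOCKED)
    return {"upstream": (host, port), "path": path,
            "action": "block" if blocked else "forward"}

# Constructed sample requests, as bytes arriving on the client-to-proxy connection.
SAMPLES = [
    b"GET http://husseinnasser.com/blog HTTP/1.1\r\nHost: husseinnasser.com\r\n\r\n",
    b"GET http://www.youtube.com/channel/example-blocked/videos HTTP/1.1\r\n"
    b"Host: www.youtube.com\r\n\r\n",
    b"CONNECT www.youtube.com:443 HTTP/1.1\r\nHost: www.youtube.com:443\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(sample))
```
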











SSL/TLS Termination, TLS Forward Proxy

This offloads the complex TLS crypto from the main server to the proxy, so the main server can do what it does best.

- TLS Termination Proxy
- Pros and Cons
  - Pros
    - Offloads crypto to the proxy instead of the main servers (no longer a problem)
    - Keeps the TLS session close to the client
    - Decrypts data so HTTP accelerators like Varnish can function correctly
    - Allows an intrusion detection system to analyse traffic
    - Load balancers can make better decisions on the data (Layer 7)
    - Service mesh in a microservices architecture
  - Cons
    - If the proxy gets compromised, the attacker gains access to all data.
    - Limited by the maximum number of connections on the proxy.







