What are Proxy, Gateway and Tunnel in the HTTP protocol?

29

In the HTTP protocol specification, more precisely in RFC 7230, provision is made for the possibility of intermediaries between the user agent (UA), the entity that makes the HTTP request, and the origin server (O), the entity that will respond to the request.

The right arrows indicate the path of the HTTP request and the left arrows indicate the path of the HTTP response. Entities A, B and C are the intermediary entities that communicate with each other, with the user agent or origin server through four HTTP connections.

[image: enter image description here]

The three intermediate entities described are:

  1. Proxy
  2. Gateway
  3. Tunnel

Each intermediary entity may operate as an origin server, proxy, gateway or tunnel, depending on the nature of the HTTP request it will handle.

What I would like to know is what the difference is between the three types of intermediary entities and when each is used in practice. I would also like to know whether only one intermediary entity can exist on its own, or whether they are related to the extent that they only exist together.

  • See if this similar question on the forum helps: https://stackoverflow.com/questions/10377679/whats-distinction-of-http-proxy-tunnel-gateway

3 answers

12

According to RFC 7230, the definitions are as follows:

Proxy definition:

A "proxy" is a message forwarding agent that is selected by the client, usually through local configuration rules, to receive requests for some kind of absolute URI and try to satisfy these requests via translation through the HTTP interface. Some translations are minimal, such as proxy requests for "http" URIs, while other requests may require translation to completely different application-level protocols. Proxies are often used to group HTTP requests from an organization through a common intermediary for the sake of security, annotation services, or shared caching. Some proxies are designed to apply transformations to selected messages or payloads while they are being forwarded.

Gateway definition:

A "gateway" (also known as a "reverse proxy") is an intermediary that acts as an origin server for the outgoing connection, but translates incoming requests and forwards them to another server or servers. Gateways are usually used to encapsulate legacy or unreliable information services, to improve server performance through "accelerator" caching, and to allow partitioning or load balancing of HTTP services across multiple machines.

Tunnel Definition:

A "tunnel" acts as a blind relay between two connections without altering the messages. Once active, a tunnel is not considered a part of HTTP communication, although the tunnel may have been initiated by an HTTP request. A tunnel ceases to exist when both ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary, such as when Transport Layer Security (TLS, [RFC5246]) is used to establish confidential communication through a shared firewall proxy.

  • 1

    RFC 7230 makes RFC 2616 obsolete, so it might be interesting to update the answer.

  • I updated it. What I did was translate the definitions that are in the link.
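The three definitions above can be told apart on the wire by the request-target forms of RFC 7230, section 5.3. The following is an added example, not part of the original answers: the function name `classify_request_line` and the sample request lines are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def classify_request_line(line: str) -> dict:
    """Map an HTTP/1.1 request line to the kind of recipient it addresses."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    method, target, _version = parts

    if method == "CONNECT":
        # authority-form: asks a proxy to become a tunnel (blind relay).
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return {"form": "authority", "role": "tunnel",
                "upstream": (host, int(port))}
    if target == "*":
        # asterisk-form: only valid for a server-wide OPTIONS request.
        if method != "OPTIONS":
            raise ValueError("'*' is only valid with OPTIONS")
        return {"form": "asterisk", "role": "server-wide", "upstream": None}
    if target.startswith("/"):
        # origin-form: sent to an origin server or to a gateway; the client
        # cannot tell which one it is talking to.
        return {"form": "origin", "role": "origin server or gateway",
                "upstream": None}
    url = urlsplit(target)
    if url.scheme in DEFAULT_PORTS and url.hostname:
        # absolute-form: the client knowingly selected a proxy.
        port = url.port or DEFAULT_PORTS[url.scheme]
        return {"form": "absolute", "role": "proxy",
                "upstream": (url.hostname, port)}
    raise ValueError(f"unrecognised request-target: {target!r}")

# Constructed sample request lines, as an intermediary's access log might show.
SAMPLE_LINES = [
    "GET http://example.org/report?id=7 HTTP/1.1",
    "GET /report?id=7 HTTP/1.1",
    "CONNECT example.org:443 HTTP/1.1",
]

def summarize(lines):
    """Return (role, upstream) pairs for a list of request lines."""
    return [(r["role"], r["upstream"]) for r in map(classify_request_line, lines)]

if __name__ == "__main__":
    for role, upstream in summarize(SAMPLE_LINES):
        print(role, upstream)
```

After a CONNECT request is accepted, the intermediary relays bytes without parsing them, so its logs record only the host and port of the tunnel, not the requests carried inside it.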

6

I will try to explain the difference with a few examples. Just reading the definition in the RFC, I personally have trouble understanding the meaning in more practical terms.

Gateway

Imagine that it is the exit door to another network. To make a simple analogy, if your computer is a home and the Internet is outside, the Gateway is the door. Without the door, you are locked in the house.

The Gateway simply routes the requests to the internal network. This is why, when you need to access the Internet at home, the Gateway is the router of your residence; it is what gives access to another network (the Internet) without restrictions.

Proxy

It serves to protect the external network. Using the house analogy, it's a way to let you see outside the house, but only what it wants you to see.

Unlike a Gateway, a Proxy can perform multiple filters and redirects, allowing or blocking access as desired, keeping all computers in the network anonymous. It is usually used by companies to restrict/control Internet access.

A Proxy server that receives requests and transfers them without modifications can also be called a Gateway. This type of Proxy is commonly called a Transparent Proxy Server.

Tunnel

The Gateway and Proxy act as connection intermediaries. This is not the case with a Tunnel, because data from one protocol is encapsulated within another protocol, requiring software at the source and destination to send/receive the information.

Using the house analogy, it would be as if you dug a tunnel directly to the other house (network) with which you want to communicate, without using intermediaries.

Compared to a Proxy, it involves less bureaucracy, as a Proxy may require authentication, may add its own identifier to the header, may respond from cache, etc. With a Tunnel, on the other hand, all requests and responses are passed through intact.

In practice, VPNs are a good example for understanding the concept of a Tunnel.

5

Proxy and server have definitions that use the word program. However, for the gateway this does not happen. This should be one of the differences you should notice.

Try comparing a proxy to a gateway by how each handles requests. A proxy:

"Requests are answered internally or by passing them forward, with possible translation, to other servers."

It can essentially change the request or respond to what goes through it.

The definition of gateway is:

"Acts as an intermediary for some other server. Unlike a proxy, a gateway receives requests as if it were the origin server for the requested resource; the requesting client may not be aware that it is communicating with a gateway."

Thus, the gateway in this context receives and delivers whatever goes through it.

A Tunnel is like a tube with a point at each end. The program or intermediate server is not aware of this connection. This Tunnel can be started by an HTTP request. The Tunnel will be terminated when either end decides to drop it.

https://stackoverflow.com/questions/10377679/whats-distinction-of-http-proxy-tunnel-gateway

  • Wouldn't a proxy that serves the response to the request also be acting as the origin server for the client?

  • A proxy server can optionally change the client request or server response and sometimes make this feature available even without connecting to the specified server. It can also act as a server that caches data on computer networks.

  • A Proxy often does not make contact with the origin server; it can serve the cached content and even modify it.
