Understanding Proxy Server

Microsoft Proxy Server routes requests and responses between the Internet and client computers, acting as a liaison between them. In addition to routing requests, Proxy Server provides a cache of frequently requested Internet sites, blocks access to specified sites, and provides secure access between your internal network and the Internet. Proxy Server also offers extensible firewall security features.

With Proxy Server you can:

New Features in Proxy Server Version 2.0

Microsoft Proxy Server version 2.0 offers numerous enhancements, improvements, and new features.

Distributed Caching

With Proxy Server you can now set up distributed content caching among multiple Proxy Server computers. By distributing the load of cached objects, caching performance is enhanced and fault tolerance is provided if one Proxy Server computer is unavailable. Distributed caching can be implemented by using arrays, chains, or a combination of both.

You can also extend caching to include FTP and HTTP version 1.1 objects, and you have greater control over the Time-to-Live (TTL) setting as well.

Array-based content caching   With arrays, a group of Proxy Server computers can be configured and administered as a single entity with a large, logical cache. Arrays also provide scalability and ease of administration, and are useful in the following environments:

The following illustration shows a typical communication path for a client request to a Proxy Server array.

[Illustration: Proxy Server array]

Chain-based content caching   Chaining is a hierarchical connection of individual Proxy Server computers. Requests from clients are sent upstream through the chain until the requested object is found. Proxy Server computers can be chained as either individual computers or as arrays. Chaining is also an effective means of distributing server load and providing fault tolerance. In addition, Secure Sockets Layer (SSL) chaining is now supported.

The following illustration shows a typical communication path through a Proxy Server chain.

[Illustration: Proxy Server chain]

You can also combine arrays and chaining, as shown in the following illustration.

[Illustration: Proxy Server chain with an array]

Cache Array Routing Protocol (CARP)   This is a new Internet Engineering Task Force (IETF) draft standard for performing scalable array-based and chain-based content caching. The new protocol, developed by Microsoft, provides improved performance when you use arrays or chains. Microsoft Proxy Server 2.0 is the first product to make use of this protocol.
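The following is an added example, not Microsoft's code: a sketch of the highest-score routing idea behind CARP, in which each URL is scored against every array member and the top scorer holds the cached object. SHA-256 stands in for the hash function the CARP draft defines, load factors are omitted, and the member names and URLs are constructed.

```python
import hashlib

# Constructed array membership and request sample.
ARRAY = ["proxy1.example.internal", "proxy2.example.internal",
         "proxy3.example.internal", "proxy4.example.internal"]
URLS = ["http://www.example.com/page%d.htm" % i for i in range(400)]

def score(member, url):
    """Combine member name and URL into one score.
    Assumption: SHA-256 replaces the draft's own hash function."""
    digest = hashlib.sha256((member + "\n" + url).encode()).digest()
    return int.from_bytes(digest[:8], "big")

def route(url, members):
    """Return the member that owns the URL: the one with the highest score."""
    if not members:
        raise ValueError("array has no available members")
    return max(members, key=lambda m: score(m, url))

def owned_by(member, members):
    """URLs from the sample that the given member caches."""
    return {u for u in URLS if route(u, members) == member}

def remapped_after_failure(down):
    """URLs whose owner changes when one member becomes unavailable."""
    survivors = [m for m in ARRAY if m != down]
    return {u for u in URLS if route(u, ARRAY) != route(u, survivors)}

if __name__ == "__main__":
    for member in ARRAY:
        moved = remapped_after_failure(member)
        print(member, "owned", len(owned_by(member, ARRAY)),
              "remapped on failure", len(moved))
```

Only the objects held by the failed member are reassigned; every other URL keeps its owner, so the surviving caches stay valid and no object is stored twice.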

Firewall Security

You can use the firewall security features of Proxy Server to precisely control the flow of information to and from Proxy Server. You can now filter packets, set up security alerts and logs, and authenticate client requests.

Improved Web Publishing Support

You can use the reverse proxying feature of Proxy Server in conjunction with Microsoft Internet Information Server to publish to the Internet without compromising the security of your internal network. Proxy Server uses reverse proxying and reverse hosting to send requests to Web publishing servers connected behind the Proxy Server computer.

Now you can place your Web server behind the Proxy Server computer to publish to the World Wide Web without compromising the security of the Web server or its data. Proxy Server "impersonates" a Web server to the outside world, while your Web server maintains access to internal network services.

Reverse hosting allows several servers, not just a Web server, that are located downstream behind the Proxy Server computer to publish to the Internet, providing great flexibility and security in Web publishing.

The following illustration shows a typical communication path for reverse proxying.

[Illustration: Reverse proxying]


Enhanced Interoperability

Proxy Server works with other applications and supports the SOCKS protocol.

Improved Administration

You can use the administration tools provided with Proxy Server to install or administer Proxy Server locally or remotely from an MS-DOS prompt. You can also manage computers in an array simultaneously, create client configuration scripts, and back up your server configuration.

Enhanced Performance

Proxy Server uses the latest version of HTTP, client configuration scripts, and CARP to enhance performance.

Proxy Server implements all product features by using the following three services:

The Web Proxy Service

The Web Proxy service supports proxy requests from any browser that is compatible with the standard CERN proxy protocol, such as Microsoft Internet Explorer or Netscape Navigator. You can use a computer that runs any operating system, such as Windows 95, Windows NT, Macintosh, or UNIX. The following illustration shows the communication path for the Web Proxy service.

[Illustration: The Web Proxy service communication path]

The Web Proxy service provides the following features:

The WinSock Proxy Service

The WinSock Proxy service makes a Windows Sockets–compatible client application, such as Telnet, mail, news, NetShow, RealAudio, or IRC, perform as if it were directly connected to the Internet. The client application makes Windows Sockets API calls to communicate with an application running on an Internet-based computer. The WinSock Proxy components redirect the necessary APIs to the Proxy Server computer, thus establishing a communication path from the internal application to the Internet application through the Proxy Server computer. The following illustration shows the communication path for the WinSock Proxy service.

[Illustration: The WinSock Proxy service communication path]


The WinSock Proxy service provides the following features:

The Socks Proxy Service

SOCKS is a cross-platform mechanism that establishes secure communications between client and server computers. The Socks Proxy service supports SOCKS version 4.3a and allows users transparent access to the Internet by means of Proxy Server. The Socks Proxy service extends the redirection provided by the WinSock Proxy service to non-Windows platforms. It uses TCP/IP and can be used for Telnet, FTP, Gopher, and HTTP. The Socks Proxy service does not support applications that rely on the UDP protocol.

Socks Proxy clients establish a connection to the Proxy Server computer and the Socks Proxy service relays information between the client and the Internet server. Security is based on IP addresses, port numbers, and destination hosts. The Socks Proxy service does not perform client password authentication, nor does it support the IPX/SPX protocol.
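The following is an added example, not Proxy Server's code or configuration format: it parses a plain SOCKS version 4 CONNECT request and decides it from source address, destination address and port only, as the paragraph above describes. The rule table, addresses and user names are hypothetical; the USERID field is parsed but ignored because the client supplies it without proof.

```python
import ipaddress
import struct

# Hypothetical rule table (not Proxy Server's own format); first match wins,
# and any request that matches no rule is rejected.
RULES = [
    ("deny",   "10.0.0.0/8",  "0.0.0.0/0",       25),  # no direct outbound SMTP
    ("permit", "10.0.5.0/24", "0.0.0.0/0",       23),  # Telnet for one subnet
    ("permit", "10.0.0.0/8",  "198.51.100.0/24", 80),  # HTTP to one network
]

def build_connect(dst, port, userid=b""):
    """Constructed sample input: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL."""
    return struct.pack("!BBH4s", 4, 1, port,
                       ipaddress.IPv4Address(dst).packed) + userid + b"\x00"

def parse_socks4(req):
    """Return (command, destination address, port, userid) or raise ValueError."""
    if len(req) < 9 or req[-1] != 0:
        raise ValueError("truncated or unterminated request")
    vn, cd, port, raw_ip = struct.unpack("!BBH4s", req[:8])
    userid = req[8:-1]
    if vn != 4 or b"\x00" in userid:
        raise ValueError("not a plain SOCKS4 request")
    return cd, ipaddress.IPv4Address(raw_ip), port, userid

def decide(client_ip, req):
    """Return the 8-byte SOCKS4 reply: CD 90 = granted, 91 = rejected."""
    granted = False
    try:
        cd, dst, port, _userid = parse_socks4(req)  # USERID never affects the result
        src = ipaddress.IPv4Address(client_ip)
        if cd == 1:  # only CONNECT is handled in this sketch
            for action, src_net, dst_net, rule_port in RULES:
                if (src in ipaddress.ip_network(src_net)
                        and dst in ipaddress.ip_network(dst_net)
                        and port == rule_port):
                    granted = action == "permit"
                    break
    except ValueError:
        pass  # malformed input falls through to a rejection
    return struct.pack("!BBH4s", 0, 90 if granted else 91, 0, bytes(4))
```

Because the decision rests on the source address alone, the permitted address ranges are the access boundary and need to be kept as narrow as the rule table implies.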

The Socks Proxy service provides the following features:


© 1997 by Microsoft Corporation. All rights reserved.