An Interesting Article About Proxy Site Working

proxy coding

If I access the A website through a proxy, for A, it treats the proxy as a client, completely undetectable of the real client, which achieves the purpose of hiding the client IP.

How The IP Changed By Using Proxy Site

Of course, the agent can also modify the HTTP request headers, by X-Forwarded-IPtelling a true client server IP such as custom head. However, the server can not verify that this custom header was actually added by the proxy or the client modified the request header, so extra care should be taken when getting the IP from the HTTP header field. This part can refer to my previous ” HTTP request header X-Forwarded-For ” article.

Explicitly designated browsers

Explicitly designated browsers to the browser, you need to manually modify the browser or operating system settings, or specify the PAC (Proxy Auto-Configuration, automatic configuration file) automatically set, and some browsers support WPAD (Web Proxy Auto discovery Protocol, Web Proxy auto-discovery protocol). Explicitly specify the browser proxy This method is generally called forward proxy, the browser enables the forward proxy, the HTTP request message will make some changes to avoid some of the problems of the old proxy server, this part can refer to My previous ” Http request header Proxy-Connection ” this article.

Resolution To The Proxy Server IP

Another situation is that when visiting A website, the actual visit is the proxy. After the proxy receives the request message, it sends a request to the server that actually provides service, and forwards the response to the browser. This situation is generally referred to as reverse proxy, which can be used to hide server IP and port. After the general use of reverse proxy, you need to resolve the DNS domain name resolution to the proxy server IP, then the browser cannot detect the existence of the real server, of course, do not need to modify the configuration. Reverse Proxy is the most common way to deploy a Web system, such as this blog is to use Nginx’s proxy_passfeatures will forward the request to the browser behind Node.js service.



After the above code is run on the local 8888open port for the HTTP proxy service that parses the request URL and other necessary parameters from the request message, the new request to the server and forwards the request agent received a new request, final Then the server response back to the browser. Modify the browser’s HTTP proxy to the HTTP Web site and then, agents can work properly.

However, after using proxy site, the HTTPS website is completely inaccessible. Why? The answer is very simple, this agent provides HTTP service, and there is no way to carry HTTPS service. So whether this proxy to HTTPS on it? Obviously not, because the essence of this proxy is a middleman, and HTTPS site certificate authentication mechanism is hijacking nemesis nemesis. In normal HTTPS service, the server does not authenticate the client’s certificate. The middleman can successfully complete the TLS handshake as the client and the server. However, the middleman does not have the private key of the certificate. In any case, the server cannot establish a TLS connection with the client. Of course, if you have a certificate private key, the proxy certificate corresponds to the HTTPS website of course no problem.