
Proxy Servers: A Brief Overview
April 2010

Blue Coat Systems Confidential


Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered
in certain jurisdictions. All other product or service names are the property of their respective owners.

Blue Coat Systems, Inc. 2010. All Rights Reserved.

Proxy Servers: A definition


A proxy server is a server (physical or software) that acts as an intermediary between clients and the other servers they request data from.
The majority of proxy servers serve HTTP content.
Blue Coat Security Gateway (SG) units are proxy servers.
Blue Coat SGs can proxy the following protocols: HTTP, HTTPS, FTP, SOCKS, Telnet, IM (AIM, Yahoo, MSN), DNS and Streaming Media (Real, QuickTime, Microsoft).


Why Use a Proxy?


A proxy can improve security by inspecting web content before it reaches end users.
A proxy can scan executable content with a different AV engine than the one on the desktop systems.
A proxy can authenticate users and log usage.
A proxy can perform URL filtering to block non-business-related web sites.
A proxy can improve performance by caching content to serve it faster to users on subsequent reads.
Blue Coat SG performs all these functions in a secure, purpose-built platform.


Proxy vs. Firewall


Firewalls operate at layers 2 and 3 of the OSI model.
Firewalls can be configured with rules around IP addresses and TCP/UDP ports.
Firewalls cannot distinguish further details: for instance, a firewall would know that traffic is HTTP (since it is using port 80) but not which web site or what content is involved.
Proxies can operate on all layers of the OSI model.
Proxies terminate the TCP session from the client and re-initiate the session with the server.
Proxies can distinguish web site location and type of content, and can verify that DNS lookups match destination sites.


Proxy Types
There are two main types of proxies: forward and reverse.
Forward proxies accept requests from clients and send those requests to various origin content servers (OCS).
Reverse proxies are deployed in front of server farms and serve content to clients directly, which decreases the load on the server(s).
Blue Coat SG can be deployed in either forward or reverse mode.


How does traffic get to flow through the proxy?

In order to use a proxy, all traffic destined for OCS must first hit the proxy.
There are two ways to accomplish this:
1. Force all the traffic for a certain protocol through the proxy without configuring the client software (known as a transparent proxy deployment).
2. Configure each client with the address of the proxy (known as an explicit proxy deployment).
There are pros and cons to each method.
The Proxy Deployment Models module in BCCPSE-S covers the pros and cons in detail.

Transparent Proxy Packet Trace


Packet source IP is client IP.
Packet destination IP is OCS (server) IP.
Request is formatted as follows:
    GET / HTTP/1.1
    HOST: www.bluecoat.com
Proxy intercepts traffic and sends the request to OCS.
The proxy can be configured to send the original client IP as the source IP or the proxy IP as the source IP.


Explicit Proxy Packet Trace


Packet source IP is client IP.
Packet destination IP is proxy IP.
Request is formatted as follows:
    GET http://www.bluecoat.com/ HTTP/1.1
    HOST: www.bluecoat.com
Proxy intercepts traffic and sends request to OCS.
The source IP of the request will be the IP address of the proxy.
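
The two request formats in the packet traces above can be told apart from the request line alone, which is useful when reading proxy logs or captures. The following is an added example, not part of the original slides and not Blue Coat code; the function name `classify_request`, the sample byte strings and the host `other.example` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: the two requests shown on the slides, plus one mismatch.
TRANSPARENT = b"GET / HTTP/1.1\r\nHOST: www.bluecoat.com\r\n\r\n"
EXPLICIT = b"GET http://www.bluecoat.com/ HTTP/1.1\r\nHOST: www.bluecoat.com\r\n\r\n"
MISMATCH = b"GET http://www.bluecoat.com/ HTTP/1.1\r\nHost: other.example:8080\r\n\r\n"


def _hostname(authority: str) -> str:
    """Lower-cased host part of 'host[:port]' (empty string if absent)."""
    return urlsplit("//" + authority).hostname or ""


def classify_request(raw: bytes) -> dict:
    """Tell which deployment model a request head was written for."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)

    # Header names are case-insensitive: "HOST:" and "Host:" are the same field.
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    header_host = _hostname(headers.get("host", ""))

    if target.startswith("/"):
        # Path only: client thinks it is talking to the OCS -> transparent.
        mode, destination, mismatch = "transparent", header_host, False
    elif "://" in target:
        # Full URL: client was configured with the proxy address -> explicit.
        url_host = urlsplit(target).hostname or ""
        mode, destination = "explicit", url_host
        # URL host and Host header should agree; log the request if not.
        mismatch = url_host != header_host
    else:
        # Any other request-target form is outside what the slides show.
        mode, destination, mismatch = "other", "", False
    return {"mode": mode, "method": method,
            "destination": destination, "host_mismatch": mismatch}


if __name__ == "__main__":
    for sample in (TRANSPARENT, EXPLICIT, MISMATCH):
        print(classify_request(sample))
```

In the transparent case the destination host comes only from the Host header, since the request line carries no host name.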
