Proxy
A proxy server is used to give access to network services indirectly.
All accesses are handled through the proxy server. There are two main
reasons for using proxy servers; to enhance security and to reduce
network bandwidth.
The rationale for enhancing security through use of a proxy server
is that only the computer running the proxy server will access the
Internet directly. Therefore it is only that computer that is
vulnerable to attacks from the Internet. And since securing one
computer is much simpler than securing all computers, security is
enhanced.
Network bandwidth can be reduced by the proxy caching requests. If
several users request the same page it will only need to be fetched
once over the network. Unfortunately not many pages are cacheable,
since there are so much dynamic pages out there. But it is usually
possible to cache images.
Challenger's proxy capabilities are handled by the
HTTP-Proxy, SSL Proxy and
FTP gateway module. The simplest way to set up a
Challenger proxy server is to create a new virtual server and choose
the configuration type Proxy.
A proxy server must bind to its own port, it is not possible to run
it IP-less. Nor is it possible to have an IP-less virtual
hosting module enabled in the proxy server. Strange things
will happen.
Since the proxy functionality is implemented as modules it is possible
use them in other ways too. For example, it is possible to fetch
www-pages through ftp by enabling the HTTP-Proxy on a
virtual server with an ftp port.
It is important not to enable any dangerous modules in a virtual
server with proxy modules. It is perfectly possible to get a *.pike
file fetched through the FTP Proxy module to run
through the Pike script support module.
It might be necessary to enter a security pattern
for each proxy module, so that it can only be accessed from within
your network. Otherwise your proxy server may give outsiders access to
servers within your network. This is especially important for the
SSL Proxy module.
|