What is a proxy server? How does it work?
When talking about computers, the word “proxy” has lots of different meanings. Like Virtual Private Networks (VPNs) and Tor, proxy servers are ways to gain some privacy while browsing the Internet. Reverse proxies are also how websites handle huge numbers of simultaneous visitors. Given that proxies represent a few different kinds of technology, many people find the distinctions confusing.
In this article, we’ll clear up any misconceptions you might have about proxies. You’ll learn the definition of a proxy server, what types of proxies exist, how they work, and how you can use them.
What is a proxy server?
Most commonly, people use “proxy” to refer to a service they connect to through settings in their web browser. When you connect to a proxy server, all of your web traffic is routed through the proxy server instead of going directly to the website you’re visiting. In other words, a proxy acts as a gateway between users and the internet.
Many different applications on your computer can be configured to use a proxy. Web browsers can use HTTP proxies, which are proxy servers intended to transmit web traffic. When you visit a website while connected to an HTTP proxy, your computer tells the proxy server to request the webpage instead of requesting it directly.
Unlike VPNs, proxies aren’t “tunnels” for your computer’s network activity. Instead, a proxy simply sits between your computer and the resources you’re accessing. While you can set a system-wide HTTP proxy on many operating systems, other kinds of traffic aren’t affected.
How a proxy server works
Proxies are simple middlemen that sit between you and the resource you’re trying to access. When you send a request through a proxy, the proxy server makes the request and returns the result for you.
Regardless of which exact type of proxy you’re using, this general principle usually applies. Proxies do not normally place your traffic into an encrypted tunnel; they simply request resources on your behalf.
However, some proxies can actually encrypt your internet traffic, hiding it from your internet service provider (ISP). On the other hand, the owner of the proxy server might have access to this data, so you have to really trust the proxy provider if you want to use the service safely.
Proxies also change your IP address. In this way, the website you visit thinks you’re coming from another country, which helps you stay anonymous. However, the proxies that lack encryption might accidentally leak your IP address.
Interestingly enough, it’s also possible to block websites by using a proxy. If your company uses a proxy server for security, it can also choose which sites you can access based on the proxy’s IP address.
Types of proxies
There are several different proxy types, each suited for a different use case. Here are some of the more common types.
Transparent HTTP proxies
These proxy servers use the simplest kind of proxy technology possible. They don’t encrypt data being transferred, unlike a VPN or SSH SOCKS proxy. In essence, this kind of proxy just forwards requests to destination servers.
Transparent proxies don’t add encryption or any other security features to the connection, and they also don't hide the user’s IP address. Proxies use the standard X-Forwarded-For HTTP header to achieve this.
If you’re looking to protect your privacy or avoid censorship, a transparent proxy is probably not the right choice for you.
The concept of transparent proxying provides the technology behind reverse proxies. Instead of making connections on a client’s behalf, reverse proxies listen for connections on a server’s behalf.
Unless you’re hosting your own website, a reverse proxy is not very useful. That said, every major website uses them. If you’ve ever seen a “504 Gateway Timeout” error, that’s the reverse proxy telling you that the backend server is not responding.
SOCKS, or Socket Secure, is an encrypted proxy technology. When you connect to a SOCKS proxy in your web browser, all of your traffic is encrypted on its way to the proxy server.
Compared to the other types of proxies, SOCKS proxies are most similar to VPNs. However, they’re usually per-application rather than system-wide.
The Secure Shell (SSH) protocol is normally used to remotely access servers. However, it can also be used to quickly create a SOCKS proxy using a remote server. We’ll cover this approach in more detail later in this article.
What is a proxy server used for?
Proxies can be used to solve a variety of problems. Here are a few of the most common issues addressed through the use of a proxy server:
- Content filtering and security. Schools and workplaces use proxies to secure and filter content on their networks. With a man-in-the-middle root certificate, network administrators can also access content secured with HTTPS.
- Bypassing censorship. Coincidentally, people also use proxies to circumvent censorship and filtering. Many networks are smart enough to prevent this now, though.
- Handling traffic. Reverse proxies let web developers handle large traffic influxes and use modern web features while saving time.
- Traffic tunneling. SOCKS proxies allow users to tunnel web traffic to another server, either to avoid filtering or to access another network. These proxies are similar in use to VPNs, although far more people use VPNs nowadays.
Are proxy servers safe?
As with VPNs, unscrupulous proxies can steal your traffic and sell it for profit. You cannot guarantee that any third-party proxy is completely safe from this. That said, if you pay for a proxy service, the company probably promises not to log your traffic.
If you set up your own proxy server, you don’t have to worry about this possibility. However, you take on the responsibility of maintaining and securing the server. If you accidentally leave your proxy server open to the Internet with no authentication, anyone can use your Internet connection. This can land you in lots of trouble, so be sure to use secure authentication.
Another concern with proxy servers lies in the fact that they operate on a per-application basis. It can be easy to forget that certain apps aren’t using the proxy while others are. Be careful in ensuring that each application that you mean to use with your proxy is set up right. If you need more complete privacy, use a VPN or Tor instead.
What is a reverse proxy?
When web developers build interactive websites (or web applications), they often use two web server programs where one is configured as a reverse proxy. Different types of web servers are better suited to different tasks. The reverse proxy lets developers take advantage of both programs’ specialties.
Most web application frameworks—the programming tools that developers use to build web applications—provide a web server program out of the box. This web server is easy to use and integrates well with the framework. However, it usually can’t handle HTTPS, HTTP/2, and other modern web standards.
Smaller websites can put both web server programs on one computer, while big companies use hundreds or or even thousands of physical servers.
To gain these important features while making development easier, programmers set up reverse proxies like this:
- When a user’s request arrives at the website, it actually contacts the reverse proxy—not the real backend web server. This “outer” web server simplifies the user’s request with technology that the real backend can understand.
- From the inner web server’s perspective, a new connection just came from the reverse proxy, not the user’s computer. The backend processes the request and sends it back to the reverse proxy server, which then returns it to the original user.
With a reverse proxy, website owners get to capitalize on new technologies without upgrading their backends. Reverse proxies can also handle more traffic, speed up connections, and solve security problems.
What are network proxy settings?
Each application that supports proxies on your device can be configured separately to use your proxy. In your browser, this usually comes along with other network settings.
Firefox supports SOCKS proxies natively, unlike some other browsers. Just about every browser and networked application works with regular proxies, however.
On some devices, you can configure a global HTTP proxy. Note that other kinds of traffic are not sent with the proxy, so this isn’t a complete anonymizing solution.
Different operating systems put proxy settings in different places. On Windows and macOS, you can find proxy settings near other network settings in Settings or System Preferences. However, browsers sometimes also offer their own independent proxy settings.
To set a proxy, you’ll need its hostname or IP address, connection type, and port.
How to check your proxy settings
To verify that you’ve set everything up correctly, check your external IP address. You can simply type “what is my IP address” into Google to see where your traffic exits to the Internet.
If you’re looking to guarantee real privacy, make sure that you’re using a SOCKS proxy. Also, make sure that every application you are looking to use—or your system as a whole—is configured to use the proxy. Just because your web browser reports the proxy setting correctly does not mean that other applications do as well.
How to set up a proxy
Setting up your very own proxy server requires a bit of technical know-how, but it isn’t too difficult. Since SOCKS is the most secure proxy protocol, we’ll use that in this guide. You’ll need a user account on a Linux server with SSH access. If you don’t have one of those, providers like DigitalOcean and Linode sell very inexpensive virtual private servers.
Make your own Linux-based SOCKS proxy
If you have access to a Linux server (or you can spin one up), you can easily make your own SOCKS proxy. In fact, you don’t need anything installed on your server other than the SSH daemon, which you probably already use for remote administration.
- Open a Terminal on your local machine. On Windows, the Command Prompt or PowerShell will work—Microsoft has already installed an OpenSSH client for you. When using macOS, open Terminal.app. On Linux, open your preferred terminal emulator.
In the terminal, run this command: ssh -i ~/.ssh/id_rsa -D 1234 -f -C -q -N [email protected] Here’s what each argument does:
- -i: Tells the SSH client where to look for your SSH key used to log into the remote server. If you use password authentication, you don’t need this part.
- -D: Tells SSH that we want a SOCKS proxy on the port you specify. In this case, we’re using port 1234.
- -f: Moves the process to the background so you can run other commands in the terminal.
- -C: Enables compression so that you won’t waste as much Internet bandwidth.
- -q: Disables log and debugging messages in the terminal.
- -N: Tells SSH that you’re not actually sending commands to the server; just using it as a proxy.
- [email protected]: Your username on the server and the server’s hostname (or IP address).
In your browser or computer network settings, configure a SOCKSv5 proxy. Here’s how do to that in Firefox:
- Open Preferences using the menu button.
- Scroll down and choose Network Settings.
- Select Manual Proxy Configuration.
- As the SOCKS host, type “localhost”. Use the port you specified earlier.
- Select “Proxy DNS when using SOCKSv5”.
- Click OK and test your settings.
Are proxy servers free?
It depends. If you set up your own proxy server, you won’t have to pay a dime (unless you’re paying for hosting). On the other hand, commercial proxy servers can cost money, just like a VPN.
What’s the Difference Between a VPN and a Proxy?
VPNs offer more complete protection against a wide range of attacks and deanonymization efforts. Proxies usually only protect information from one application, while VPNs are system-wide. Some types of proxies don’t even encrypt data between your computer and the proxy server. Plus, many proxies are actually transparent, meaning that the remote server knows your IP address.
We cover this topic in more detail in a separate article here.
Are proxy sites illegal?
Not inherently. VPNs aren’t illegal in most countries so long as you use them for legal purposes. The same concept applies to using proxy servers and sites. If something is illegal without a proxy, VPN, or Tor, it’s illegal using these anonymizing technologies too.
Does a proxy hide your IP address?
Not always. Different kinds of proxies may or may not be transparent. Transparent proxies send your IP address along with your request to the server on the other end. If you’re using a proxy service that’s specifically designed for anonymity, your IP address is probably hidden.