How Does a Reverse Web Proxy Server Work?
A reverse Web proxy server operates in much the same way as a forward Web proxy server. However, instead of making Internet resources accessible to internal clients, reverse proxy makes internal resources accessible to external clients.
The following steps outline how a reverse Web proxy server works:
1. A user on the Internet makes a request for an object located on a Web server that is on an internal network protected by a reverse proxy server. The client computer performs a DNS lookup using the fully qualified domain name (FQDN) of the hosting server. The DNS name will resolve to the IP address of the external network interface on the proxy server.
2. The client application sends the request for the object to the external address of the proxy server.
3. The proxy server checks the request to confirm that the URL is valid and to ensure that there is a policy in place that allows access to the requested content.
4. The proxy server also checks whether the requested object already exists in its local cache. If the object is stored in the local cache and it is current, the proxy server sends the object to the client from the cache. If the object is not in the cache, the proxy server sends the request to the appropriate server on the internal network.
5. The Web server response is sent back to the proxy server.
6. The object is returned to the client application that made the original request.
You can deploy ISA Server 2004 as a Web proxy and a Winsock proxy server. In fact,as soon as you enable access to Internet resources for internal clients, ISA Server begins to operate as a Web proxy server. However, there are also several Web proxy server settings that you can modify on ISA Server.
You can configure several Web proxy settings on ISA Server. To do so, perform the following procedure:
1. In the Microsoft ISA Server Management Console tree, expand the Configuration node and select Networks.
2. Click the network whose Web access properties you want to configure. If you are configuring access to the Internet for internal clients, select the Internal network.Click Edit Selected Network.
3. Click the Web Proxy tab to configure the Web Proxy settings for ISA Server. The interface is shown in Figure 5-3. First, ensure that Enable Web Proxy Clients is selected. This is selected by default.
On the Web Proxy tab, you can choose to enable or disable HTTP connections on the specified port number. You can also enable or disable Secure Sockets Layer (SSL) connections. If you select this option, ISA Server will listen for HTTPS connections on the port specified. If you enable SSL, you must also configure a certificate that will be used for SSL authentication and encryption. Web browsers cannot use this setting for Internet access, but it can be used for Web chaining scenarios.
4. To configure the Advanced Settings, click Advanced. The interface is shown in Figure 5-4. On this tab, you can configure the number of connections, which will limit the number of users that can connect to the ISA Server at one time. You can also specify a connection timeout value, which sets a timeout limit for idle connections.
5. To configure ISA Server as a Winsock proxy server, you must configure the Internal network properties so that Firewall clients are supported. To configure this, click the Firewall Client tab on the Internal network properties and ensure that Enable Firewall Client Support For This Network is selected.
