What is the HTTP protocol?
The HyperText Transfer Protocol (HTTP) is a protocol used for data transfer over the Internet. As part of the Internet protocol, it defines services and commands used to transmit webpage data.
HTTP employs a server-client model. A client may, for example, be a laptop, computer, or mobile device. An HTTP server typically runs web host software, such as IIS or Apache. When a website is accessed, the browser (the HTTP client) sends an HTTP request to the relevant web server, and it replies with an HTTP status code. The connection will be granted if the URL is valid, and the web server will then send the webpage and its related files to the browser.
back to menu ↑
What is an HTTP proxy?
An HTTP proxy sits between a Web server and the Web client. It is used to process the HTTP protocol and checks for any potentially harmful content, before sending it to the Web client. The proxy also acts as a buffer between a Web server and potentially harmful Web clients. It is done by enforcing compliance with HTTP RFC and by preventing potential buffer overflow attacks.back to menu ↑
How does an HTTP proxy work?
Although an HTTP proxy operates using the HTTP protocol and is designed for HTTP connections, it can be used for other protocols.
The browser (HTTP client) sends web requests to a proxy which in turn forwards it to the actual web server. The web server sees the proxy server simply as another connection and answers it as usual. The proxy server then delivers the HTTP response to the client. The communication uses standard ports like 80, 8080, or 3128.
This process is transparent, and the overhead for the browser to implement the HTTP proxy is small. A proxy sometimes changes or adds content to the data stream for various purposes. One example of this would be to include the real IP address in a special HTTP header which can be logged on the server, or intercepted in their scripts.back to menu ↑
What is the use of an HTTP proxy?
HTTP proxies can be used to restrict the access to specific Internet resources, to bypass restrictions, or to hide your public IP address and achieve online anonymity.
If, for example, an HTTP proxy is used to grant Internet access in a company, then it allows the administrators to:
- Restrict access to specific resources (e.g., Facebook using a Facebook proxy).
- Cache downloaded files to increase the speed of opening websites. Load balancing may be very important for large websites and web application.
- Limit connection speed.
- Filter data by, for example, displaying transparent images instead of advertising banners. It saves bandwidth and page load time. Content filtering may involve restricted access to certain types of websites, specific applications, or file types.
- Monitor user traffic and keep logs.
On the other hand, an Internet user may connect to remote HTTP proxy servers to bypass restrictions from school or work, or to unblock geo-restricted websites like Netflix, Hulu, BBC iPlayer.
Another essential usage is to try to achieve online anonymity by hiding the real IP address. But, it is essential to understand that not all HTTP proxies hide the user’s IP address. Take a look at the types of proxies listed below.back to menu ↑
Types of HTTP proxies
From the point of view of the anonymity provided, the following proxy types can be identified:
- A transparent proxy passes the real IP address of the user in the HTTP headers and declares to the destination website that a proxy is used. It does not provide anonymity as it does not hide the public IP address of the proxy user.
- An anonymous proxy hides the real IP address but notifies the destination that an intermediate (the proxy) handles the request. Anonymous proxies do not guarantee complete online anonymity.
- Elite proxies or high anonymous proxies do not convey the public IP address of the user and do not declare that a proxy is used. They are considered to be the most anonymous.
From the point of view of the way they handle the HTTP traffic, there are forward proxies and reverse proxies. A reverse proxy server may be an excellent solution for traffic load balancing.back to menu ↑
Where to find HTTP proxies?
HTTP proxies can be found on proxy lists (open proxies) or provided by premium proxy services (like StormProxies and InstantProxies). Additionally, you may get access to HTTP proxies by searching Google on “HTTP proxy,” “free HTTP proxies,” or “HTTP proxy list.”back to menu ↑
How to use an HTTP proxy
HTTP proxies are designed for web browsing and accessing the Internet. Thus, to connect to a proxy from your web browser, you have the following alternatives:
- Use a proxy browser extension offered by the proxy provider. Take a look at the recommended extensions and add-ons.
- Use a generic proxy switcher that allows you to use a proxy from a public list.
- Manually set up the proxy for your preferred browser.
Example: if you want to set up an HTTP proxy for the Chrome browser on your Mac you need to perform the following steps:
- Open the Google Chrome browser.
- Go to Settings > Advanced > System > Open proxy settings. It will open the Network settings of your MacOS.
- Select and check Web Proxy (HTTP) or Secure Web Proxy (HTTPS).
- Fill in the (Secure) Web Proxy Server IP address and port. Also, if the proxy server requires authentication, enter the Username and Password.
- Click Ok, and you have complete the setup of the HTTP proxy.
Important! As the settings are performed to the level of the operating system (MacOS in this case), all applications that operate with the HTTP protocol will use the proxy.
back to menu ↑
HTTP proxy security
When using an HTTP proxy, there is no direct communication between the client and the destination server as both parties communicate to the proxy between them.
In this type of environment, users often trust the proxy to be secure. There are however many ways to compromise the security of the proxy due to complex software frameworks running on a browser. Flash or Java applets are perfect examples of how proxy connections can be broken. Another example is DNS requests which can reach the destination nameserver without the proxy.
Cookies or your browser meta-footprint (user-agent, response times, resolution, etc.) could also identify you if the web server already knows you from past interactions.
At the end of the day, the proxy itself needs to be trusted as it can read all data going through it, and might even be able to break your SSL security.back to menu ↑
HTTP vs HTTPS proxy
HTTPS proxy is a special version of the HTTP-proxy, with the “S” meaning “secure.” This security is achieved with the support of an SSL connection. HTTPS proxies are used when sensitive information, e.g., usernames, passwords, or banking details are sent.
All data transmitted through a conventional HTTP proxy can be intercepted by the proxy, or at a lower level. The HTTPS protocol is used to secure personal data by encrypting all traffic.
The encrypting and decrypting of data is done outside the proxy, and it is used to passively transfer encrypted data only. This method an HTTPS proxy to be used to transfer any TCP-protocol, including POP3, SMTP, IMAP, and NNTP.back to menu ↑
HTTP proxy detection
Can proxy usage be detected? Yes, it can.
There are several ways a website or a web application may detect that an HTTP request comes from a proxy server:
- By checking the HTTP headers. Most of the proxy servers use specific HTTP headers (like HTTP_VIA, HTTP_FORWARDED_FOR, HTTP_PROXY_CONNECTION, HTTP_CLIENT_IP, etc.) when they intermediate the web requests to let the web server know that a proxy is used. However, some proxies (high anonymity proxies) avoid passing these HTTP headers making them more difficult to be detected.
- By checking the IP address of the incoming request. Public IP databases store information regarding the IP addresses used by proxy servers. The information is gathered from public proxy lists and well as from proxy services.
An HTTP proxy has many uses including restrict access to resources, caching files, limiting connection speed, filtering data, monitor user traffic and keeping logs.
While HTTP proxies are not in themselves secure, using an HTTPS proxy can solve this problem through encryption of the data. Although the HTTP protocol was initially designed for web browsing, it is commonly used for some other proxy types.