
Proxy server shielding

--------------------------------------------------------------------------------------------------------------------

Abstract

A proxy server is a kind of buffer between the client and the server. Many web servers use an intermediate proxy server in front of the main server for various reasons, from simple to complex tasks. Proxies efficiently hide the machine's address and thus shield the server machine from illegal access. The proxy used at the server side is known as a reverse proxy. The requested data is processed by the proxy and, if needed, passed on to the server machine, which is our main (master) server. Nowadays we are focusing mainly on web applications. With the popularity of the internet, the threat generated by it has also increased. The humongous task is to differentiate between a normal request and an abusive request. Abusive requests range from simple poking (where the same request is made in abundance) to complex denial of service attacks or network behaviour anomalies. This paper proposes a simple web architecture and an even simpler flow chart which makes use of a proxy server to handle such situations, which call for a server to handle heavy traffic and a potential threat. The idea proposed can be implemented by simple code written in a language native to the server.

Introduction

The general client server architecture is such that the client request is processed by the big server and then passed on to the database server. To handle the situations when the server is heavily loaded we can use another machine or another proxy server, which means purchasing more memory and extra central processing units (which of course are costly) and will result in lower speed / increased access time, as the master server now has to schedule between the servers; this is heavyweight (price wise and coding wise). The simpler case is to apply the simple algorithm proposed here on the proxy server part (the novice part). The novice part simply constitutes a piece of software whose main work is to handle static requests, accelerated redirections and generation of logs. The master part, which is our main server, will handle the various other requests. The main idea lies in the fact that static content rarely changes its state and thus can be passed on as such many times, and whenever its state is changed the proxy cache will be refreshed with the same. Dynamic content's state, on the other hand, largely depends on the instant of time at which the request is made, therefore it will be handled by the big server itself. With this solution the master server will spawn additional threads/processes only for static pages; it will return answers to the novice very fast and can then free resources to handle other queries. The novice can wait a very long time while the client receives its content and closes the connection; the backend server will not consume resources for such a long time. Thus the algorithm helps the proxy shield the server from the majority of traffic and thus the majority of security issues. To the client machine, the proxy server is the actual server.

Threat Modeling

Server crashes can become a common problem if your server is heavily accessed and hosts some real time application. At first it may not look like a huge problem, and if you ask why, the answer will be that the machine will restart automatically or, if needed, be rebooted manually; in a minute or two it will resume its normal functionality. So why make such a fuss about server crashes? Server crashes open you up to a wide range of problems. Frequent failures might render recovery impossible, leading to loss of data. Server crashes will ultimately affect the hardware of the machine, which is costly to replace and purchase. Web sites whose responses depend on such servers, if they fail frequently, will lose business. Frequent failures will not only affect the service but also result in loss of business. Logs may not be generated properly, and this lack of important information will hinder the process of finding the cause of the huge traffic which caused the crash.

Leaving these things aside, there is another form of threat, which looks like a premeditated attack and sometimes may not even originate from foreign agents. An attacker could simply force many infected machines to ask for the same file an infinite number of times. If the heavy traffic is intentionally directed by foreign agents, then the amplitude of the loss incurred will be large. What we are talking about here is the server crash that follows if the traffic is not handled efficiently. A simple solution to such a situation is to divide the load by introducing another brand new server or upgrading the available server. But the problem is that this will involve cash, whose value may vary depending on the type of upgrade you are making. What do you do if you are not in a position to make such an investment and also don't want to lose your present client base? The answer is that, first of all, the investment does not look neat, but most importantly, the lightweight changes proposed here will increase the efficiency of the system without any heavy investment: the system will feel the crunch under such traffic but will not give up easily.

Existing scenario

A general web client - server architecture involves a client machine dealing with the server machine over a network. Clients can be general machines or any other server. Servers, as introduced earlier, are the machines which process the client request. A request made by a client is processed by the server machine, and all the security checks are integrated in the server machine. The existing servers are process based: as a request is received, the server creates a process/thread to handle it. As requests increase, the processes increase and the resources required also increase. Up to a point the system can handle this load, but after the maximum limit is reached it renders the system unstable. The other chores, like maintaining the log, configuring the server, sniffing out unsolicited traffic and other miscellaneous work, put further pressure on the server machine. Use of another proxy server will result in extra cost, comparatively low speed and undesirable modifications.

Figure 1

Proxy server in Action

What is being proposed in this paper is that the big backend server will spawn the threads for the novice and then relieve itself of the request, using its resources for other chores. The novice part simply executes the steps whose main work is to handle static requests, accelerated redirections and generation of logs, and involves the master only when needed. The master part, which is our main server, will handle requests for dynamic content and other important chores. The main idea is the fact that static content rarely changes its state and thus can be passed on as such many times, and whenever its state is changed the cache will be refreshed with the same. Dynamic content's state, on the other hand, largely depends on the instant of time at which the request is made, therefore it will be handled by the big server itself. Most of the time the request is directed to the cache maintained by the proxy. The number of accesses made to the server is reduced, and the master does not wait for the client to respond back. All this is done just by implementing lightweight code based on the flow chart (algorithm). Thus the proxy, with the help of the algorithm, shields the server from the majority of traffic and thus the majority of security issues.

Figure 2

Analysis of Algorithm

Let us analyze the flowchart shown in figure 2. The algorithm comes into action as soon as the request is received from the client. The first piece of work it does is generate an entry in the access log file, recording the IP address, the userid of the person requesting the document as determined by HTTP authentication, etc. The request line from the client is given in double quotes. The request line contains a great deal of useful information: first, the method used by the client is GET; second, the client requested the resource /apache_pb.gif; and third, the client used the protocol HTTP/1.0. It is also possible to log one or more parts of the request line independently.

Then it checks whether the content is static or dynamic. Here lies the dividing of the load. Since static content does not change its state, the master server initiates a process which tells the proxy to handle the request. After this the server sits back and does other chores while the algorithm waits for the event to be generated which tells it about the action taken by the client. At this time only a single process is active, which listens for the response of the client; no other resources are dedicated to the request. The server handles the dynamic content as it does normally: it applies the security algorithm, checks whether the requested piece of information is available and, if it is, whether the request is initiated by the authentic person, raises security warnings, etc. If the header content contains some code/protocol that asks for accelerated redirection or something like that, this is also handled by the algorithm. This event driven approach helps the server handle bulk requests with the presently available resources.

Limitation

Although the algorithm handles part of the traffic, leaving the server to perform other important tasks, it cannot be made to handle an infinite amount of requests at an instant. The technique can be refined further, but no refinement will make it possible to handle infinite load all the time. At some point it will become inevitable to purchase a subordinate hardware device. The application will itself make sure that the server resources are not held up for a long period of time in case the load on the server rises above normal.

Conclusion

In the end, we conclude that with the present proposed solution we can eliminate the threat of server crashes, although we will not be able to completely stop it; with a more efficient algorithm we would be able to handle the problem more effectively.
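The flow described in the "Proxy server in Action" and "Analysis of Algorithm" sections, written out as a runnable simulation. This is an added example, not code from the paper: the novice part logs each request (client IP, userid, quoted request line), splits the request line into method, resource and protocol, answers static content from its own cache (involving the master only on a miss or after the master reports a state change), forwards dynamic content to the master, and flags "poking" (the same request from one client in abundance) in the log so the traffic that caused a crash can still be explained afterwards. The static-extension list, the poking threshold, the Master and Novice class names and the sample traffic in demo() are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

STATIC_SUFFIXES = (".gif", ".png", ".jpg", ".css", ".js", ".html", ".txt")  # assumption
POKE_THRESHOLD = 5  # assumption: identical request from one client this often is "poking"


@dataclass
class Request:
    client_ip: str
    userid: str        # "-" when the client did not authenticate
    request_line: str  # the part the access log shows in double quotes


def parse_request_line(line: str) -> Tuple[str, str, str]:
    """Split 'METHOD RESOURCE PROTOCOL' (e.g. 'GET /apache_pb.gif HTTP/1.0').
    A malformed line is rejected here so it never occupies the master."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[1].startswith("/") or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    return parts[0], parts[1], parts[2]


def is_static(resource: str) -> bool:
    """Static = a fixed file by extension with no query string; everything else is dynamic."""
    return "?" not in resource and resource.lower().endswith(STATIC_SUFFIXES)


class Master:
    """Stand-in for the main (master) server: owns the static files' state, handles
    dynamic content, and counts how often the novice had to involve it."""

    def __init__(self, static_files: Dict[str, bytes]):
        self.files = dict(static_files)
        self.version = {path: 1 for path in self.files}
        self.static_hits = 0
        self.dynamic_hits = 0
        self.novice: Optional["Novice"] = None

    def fetch_static(self, resource: str) -> Optional[Tuple[int, bytes]]:
        self.static_hits += 1
        if resource not in self.files:
            return None
        return self.version[resource], self.files[resource]

    def update_static(self, resource: str, body: bytes) -> None:
        """State change of a static file: bump its version and tell the novice to refresh."""
        self.files[resource] = body
        self.version[resource] = self.version.get(resource, 0) + 1
        if self.novice is not None:
            self.novice.invalidate(resource)

    def handle_dynamic(self, method: str, resource: str) -> Tuple[int, bytes]:
        self.dynamic_hits += 1
        return 200, f"dynamic {method} {resource}".encode()


class Novice:
    """Proxy-side part: logs, serves static content from cache, forwards dynamic
    content to the master, and flags repeated identical requests."""

    def __init__(self, master: Master):
        self.master = master
        master.novice = self
        self.cache: Dict[str, Tuple[int, bytes]] = {}
        self.log: List[str] = []
        self.seen: Counter = Counter()

    def invalidate(self, resource: str) -> None:
        self.cache.pop(resource, None)

    def handle(self, req: Request) -> dict:
        # Step 1: access log entry with the request line in double quotes.
        self.log.append(f'{req.client_ip} - {req.userid} "{req.request_line}"')
        # Poking check: the same client sending the same request line in abundance.
        key = (req.client_ip, req.request_line)
        self.seen[key] += 1
        flag = "poking" if self.seen[key] >= POKE_THRESHOLD else None
        if flag:
            self.log.append(f"WARNING poking {req.client_ip} {req.request_line!r} x{self.seen[key]}")
        # Step 2: request line -> method, resource, protocol.
        try:
            method, resource, _protocol = parse_request_line(req.request_line)
        except ValueError:
            return {"status": 400, "body": b"", "served_by": "novice", "flag": flag}
        # Step 3: static from cache (master only on a miss); dynamic straight to the master.
        if method == "GET" and is_static(resource):
            if resource not in self.cache:
                fetched = self.master.fetch_static(resource)
                if fetched is None:
                    return {"status": 404, "body": b"", "served_by": "master-static", "flag": flag}
                self.cache[resource] = fetched
                served_by = "master-static"
            else:
                served_by = "cache"
            return {"status": 200, "body": self.cache[resource][1], "served_by": served_by, "flag": flag}
        status, body = self.master.handle_dynamic(method, resource)
        return {"status": status, "body": body, "served_by": "master-dynamic", "flag": flag}


def demo() -> dict:
    """Constructed sample traffic; returns the counters a caller can inspect."""
    master = Master({"/apache_pb.gif": b"GIF89a...", "/index.html": b"<html>home</html>"})
    novice = Novice(master)
    r1 = novice.handle(Request("10.0.0.1", "-", "GET /apache_pb.gif HTTP/1.0"))   # miss -> master
    r2 = novice.handle(Request("10.0.0.2", "frank", "GET /apache_pb.gif HTTP/1.0"))  # cache
    r3 = novice.handle(Request("10.0.0.1", "-", "GET /account?id=7 HTTP/1.0"))    # dynamic
    master.update_static("/apache_pb.gif", b"GIF89a-v2")                          # state change
    r4 = novice.handle(Request("10.0.0.3", "-", "GET /apache_pb.gif HTTP/1.0"))   # refreshed
    last = None
    for _ in range(POKE_THRESHOLD):                                                # poking
        last = novice.handle(Request("10.0.0.9", "-", "GET /index.html HTTP/1.0"))
    bad = novice.handle(Request("10.0.0.4", "-", "GET apache_pb.gif"))            # malformed
    return {"served": [r1["served_by"], r2["served_by"], r3["served_by"], r4["served_by"]],
            "v2_body": r4["body"], "poke_flag": last["flag"], "bad_status": bad["status"],
            "static_hits": master.static_hits, "dynamic_hits": master.dynamic_hits,
            "log": novice.log}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

Running the module prints the access log the novice produced; of the nine well-formed requests in demo(), the master is involved only three times for static content (two cache fills and one refresh after the state change) and once for the dynamic page, which is the load division the flowchart describes. The malformed request line never reaches the master, and the repeated requests from 10.0.0.9 are still served but leave a warning line in the log.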
