Proxy
Proxy Server Proxy technology essentially means acting as an intermediary between two clients. In this technology, the two clients never directly interact with each other, hence it can be considered as an isolation tool. There are two proxy methods for the web side. The most well-known is the forward proxy, which is the proxy that clients pass through when accessing the internet, and the other is the reverse proxy, which is the technology used by clients worldwide to access the web servers you provide services to. In both cases, the session ends at the proxy and separate sessions are created between the client and server. Now let's talk about the critical details on this topic.
Forward Proxy
Forward Proxy is generally known as URL proxy. Its main function is to control the content accessed by the client over the internet and also to control the content shared by the client simultaneously. We will try to explain why proxy technology should be used with some examples from a security perspective.
Reverse Proxy
Reverse Proxy is where external requests are handled. Usually, Load Balancer (LTM) devices are found in institutions. All of these work as reverse proxies. The SSL/TLS server-side session usually terminates with a certificate on this device. When the session ends here, content controls, features like WAF can be operated. Additionally, actions can be taken here for L7 DOS attacks. Reverse Proxy devices can scan files posted to servers for malicious content, perform extension-independent analysis and detection operations on the “apparent data type.” A .doc extension exe file should be automatically blocked or analyzed as executable. While LTM devices have ICAP integration, they generally look at the extension and/or file analysis size and number are very limited.
Web Isolation
Web Isolation Generally, access to unknown categories, access to links received in emails can be ensured through this method, raising the security level to the highest point. In summary, security measures taken by terminating the session on a device (proxy mode) differ from security measures taken through systems operating in flow mode (firewall, etc.). While both methods have their advantages, choosing Proxy mode is essential when security is a top priority.