Understanding Forward Proxies

A forward proxy, also called an open proxy, acts as a representative for a client that is trying to send a request through the internet to an origin server. In this scenario, all attempts to send requests by the client will instead be sent to the forward proxy.

The forward proxy, in the client’s stead, will examine the request. First, it will determine if this client is authorized to send requests through this specific forward proxy.

It will then reject the request or forward it to the origin server. The client has no direct access to the internet; it can only reach what the forward proxy allows it to access.

A common use case of forward proxies is to gain increased privacy or anonymity on the internet. A forward proxy accesses the internet in place of a client, and in that process it can use a different IP address than the client’s original IP address.

Depending on how it has been configured, a forward proxy can grant a number of features, allowing you to:

Avoid ad tracking.
Circumvent surveillance.
Identify restrictions based on your geolocation.

Forward proxies are also used in systems for centralized security and permission based access, such as in a workplace.

When all internet traffic passes through a common forward proxy layer, an administrator can allow only specific clients access to the internet filtered through a common firewall.

Instead of maintaining firewalls for the client layer that can involve many machines with varying environments and users, a firewall can be placed at the forward proxy layer.

Keep in mind that forward proxies must be manually set up in order to be used, whereas reverse proxies can go unnoticed by the client. Depending on whether the IP address of a client is passed on to the origin server by the forward proxy, privacy and anonymity can be granted or left transparent.

There are several options to consider for forward proxies:

Apache: A popular open-source web server that offers forward proxy functionality.

Nginx: Another popular open-source web server with forward proxy functionality.

Squid: An open-source forward proxy that uses the HTTP protocol. This option doesn’t include an entire web server solution. You can check out our guide on how to set up Squid proxy for private connections on Ubuntu 20.04.

Dante: A forward proxy that uses the SOCKS protocol instead of HTTP, making it more suitable for use cases such as with peer-to-peer traffic. You may also want to check out how to set up Dante proxy for private connections on Ubuntu 20.04