vADC Docs

Using Stingray Traffic Manager as a Forward Proxy

by ben_1 on ‎03-14-2013 06:20 AM - edited on ‎07-08-2015 11:57 AM by PaulWallace (12,391 Views)

Stingray Traffic Manager can run as either a forward or a reverse proxy. But what is a Proxy? A reverse proxy? A forward proxy? And what can you do with such a feature?

 

Let's try and clarify what all these proxies are. In computing, a Proxy is a service that accepts network connections from clients and then forwards them on to a server. So in essence, any Load Balancer or Traffic Manager is a kind of proxy. Web caches are another example of proxy servers. These keep a copy of frequently requested web pages and will deliver these pages themselves, rather than having to forward the request on to the 'real' server.

 

fwdrevproxy.png

Forward and Reverse Proxies

 

The difference between a 'forward' and 'reverse' proxy is determined by where the proxy is running.

 

  • Forward Proxies:  Your ISP probably uses a web cache to reduce its bandwidth costs. In this case, the proxy is sitting between your computer and the whole Internet. This is a 'forward proxy'. The proxy has a limited set of users (the ISP's customers), and can forward requests on to any machine on the Internet (i.e. the web sites that the customers are browsing).

 

  • Reverse Proxies: Alternatively, a company can put a web cache in the same data center as their web servers, and use it to reduce the load on their systems. This is a 'reverse proxy'. The proxy has an unlimited set of users (anyone who wants to view the web site), but proxies requests on to a specific set of machines (the web servers running the company's web site). This is a typical role for Traffic Managers - they are traditionally used as a reverse proxy.

 

Using Stingray Traffic Manager as a Forward Proxy

 

You may use Stingray Traffic Manager to forward requests on to any other computer, not just to a pre-configured set of machines in a pool. TrafficScript is used to select the exact address to forward the request on to:

 

pool.use( "Pool name", $ipaddress, $port );

 

The pool.use() function is used, in the same way as you would normally pick a pool of servers to let Stingray Traffic Manager load balance to. The extra parameters specify the exact machine to use. This machine does not have to belong to the pool that is mentioned; the pool name is there just so Stingray Traffic Manager can use its settings for the connection (e.g. timeout settings, SSL encryption, and so on).

 

We refer to this technique as 'Forward Proxy mode', or 'Forward Proxy' for short.

 

What use is a Forward Proxy?

 

Combined with TrafficScript, the Forward Proxy feature gives you complete control over the load balancing of requests. For example, you could use Stingray Traffic Manager to load balance RDP (Remote Desktop Protocol), using TrafficScript to pick out the user name of a new connection, look the name up in a database and find the hostname of a desktop to allocate for that user.

 

Forward Proxying also allows Stingray Traffic Manager to be used nearer the clients on a network. With some TrafficScript, Stingray Traffic Manager can operate as a caching web proxy, speeding up local Internet usage. You can then tie in other Stingray Traffic Manager features like bandwidth shaping, service level monitoring and so on. TrafficScript response rules could then filter the incoming data if needed.

 

Example: A web caching proxy using Stingray Traffic Manager and TrafficScript

 

You will need to set up Stingray Traffic Manager with a virtual server listening for HTTP proxy traffic. Set HTTP as the protocol, and enable web caching. Also, be sure to disable Stingray's "Location Header rewriting", on the connection management page. Then you will need to add a TrafficScript rule to examine the incoming connections and pick a suitable machine. Here's how you would build such a rule:

 

# Put a sanity check in the rule, to ensure that only proxy traffic is being received:
$host = http.getHostHeader();

if( http.headerExists( "X-Forwarded-For" ) || $host == "" ) {

   http.sendResponse( "400 Bad request", "text/plain",

                      "This is a proxy service, you must send proxy requests", "" );

}

# Trim the leading http://host from the URL if necessary

$url = http.getRawUrl();

if ( string.startswith( $url, "http://" ) ) {

   $slash = string.find( $url, "/", 8 );

   $url = string.substring( $url, $slash, -1 );

}

http.setPath( string.unescape( $url ) );

# Extract the port out of the Host: header, if it is there

$pos = string.find( $host, ":" );

if( $pos >= 0 ) {

   $port = string.skip( $host, $pos + 1 );

   $host = string.substring( $host, 0, $pos - 1 );

} else {

   $port = 80;

}

# We need to alter the HTTP request to supply the true IP address of the client 

# requesting the page, and we need to tweak the request to remove any proxy-specific headers.

http.setHeader( "X-Forwarded-For", request.getRemoteIP() );

http.removeHeader( "Range" );

# Removing this header will make the request more cacheable

http.removeHeader( "Proxy-Connection" );

# The user might have requested a page that is unresolvable, e.g.

# http://fakehostname.nowhere/. Let's resolve the IP and check

$ip = net.dns.resolveHost( $host );

if( $ip == "" ) {

   http.sendResponse( "404 Unknown host", "text/plain",

                      "Failed to resolve " . $host . " to an IP address", "" );

}

# The last task is to forward the request on to the target website

pool.use( "Forward Proxy Pool", $ip, $port );

 

Done! Now try using the proxy: Go to your web browser's settings page or your operating system's network configuration (as appropriate) and configure an HTTP proxy.  Fill in the hostname of your Stingray Traffic Manager and the port number of the virtual server running this TrafficScript rule. Now try browsing to a few different web sites. You will be able to see the URLs on the Current Activity page in the UI, and the Web Cache page will show you details of the content that has been cached by Stingray:

 

proxy-connections.png

'Recent Connections' report lists connections proxied to remote sites

 

proxy-cache.png

Content Cache report lists the resources that Stingray has cached locally

 

 

This is just one use of the forward proxy. You could easily use the feature for other uses, e.g. email delivery, SSL-encrypted proxies, and so on. Try it and see!

Comments
by Liooooo
on ‎02-15-2016 02:14 AM

Hello Paul


I tried this scenario and its work greatly , just one issue need to be solved to make this function work perfect ...

I noticed that when a user try to download a file via any download manager program , the Traffic Manager allow only one connection to this file and does not support resuming !!  this could be real problem in production environment !


can you help in solving this issue ?


Thanks in Advance

Contributors