• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Secure
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Umbrella and SecureX
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella Package Comparison
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
      • What is Security Service Edge (SSE)
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • For Customers
      • Support
      • Customer Success Webinars
      • Cisco Umbrella Studio
    • Get the 2022 Cloud Scurity Comparison Guide
  • Trends & Threats
    • Market Trends
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
      • Cyber Threat Categories and Definitions
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Security

Let's Talk About Proxies

By Aram Grigorian
Posted on September 18, 2015
Updated on March 5, 2020

Share

FacebookTweetLinkedIn

Some time ago, my teammate Yariv blogged about the OpenDNS Intelligent Proxy, which allows us to go beyond the DNS layer and block malicious HTTP traffic. Our team has since been focused on other projects, like taking ownership of and consolidating one of the oldest parts of our infrastructure called the landers, which freed up more than 70 servers as a result — as well as some exciting new features we’ll talk about when it’s time.
Today I want to go over the Intelligent Proxy — and the technology that powers it — in little more detail, namely Nginx.
Conventionally a proxy is configured explicitly, either in your OS’s network settings or within a particular program, like Chrome or Firefox in case of HTTP proxying.
osx-network-settings-proxy
ff-proxy-settings
In addition, protocols are in place to ensure the proxy server can always determine what the client’s intended destination was at the time of the request. But as Yariv explained in his post, we’ve taken an unconventional approach and instead of proxying everything (explicit or not) we selectively re-route requests to suspicious domains to our proxy via the DNS layer. This selectivity is great for reducing latency, load, and impact but it also introduces some interesting engineering challenges — mainly around identifying users and determining what was the original destination.
For example, when a user tries to browse to “some-website.net,” the OpenDNS resolvers return the IP address of the nearest Intelligent Proxy server if the domain is classified as suspicious. The client, e.g. Firefox or Chrome, has no knowledge of this and assumes the IP address it received belongs to the server actually hosting “some-website.net.” In the case of plain HTTP, it’s easy to determine what the original destination was, because HTTP/1.1 requires the Host header to be set with each HTTP request, and modern browsers will correctly include this header. Shared hosting providers, as an example, rely on this header when serving multiple websites behind a single IP. Similarly, HTTPS traffic can be proxied by taking advantage of the Server Name Indication (SNI) extension of the TLS protocol. The process is more complex (even impossible) for other ports and protocols.
Another important concept is the idea of a “forward” proxy vs a “reverse” proxy. A forward proxy serves a group of clients, acting as a single point of access and querying origin server(s) on behalf of the clients. This is the type of proxy you use when configuring one in your OS or in a browser like Firefox, as mentioned earlier.
A reverse proxy does the opposite and acts as a single point of access for multiple server components, such as CGI scripts, file servers, or databases. These proxies are also commonly used as load balancers and SSL termination points.
Based on this, our Intelligent Proxy is a forward proxy when it comes to serving client requests that have been routed to it. But it also has some reverse proxying to do internally, especially as we add new features and new layers of data inspection. I had also mentioned at the beginning that the technology we chose is Nginx, and readers familiar with Nginx will know it’s designed to be purely a reverse proxy.
I’ll discuss some more of the unconventional approaches we’ve taken as a result, and challenges we had to solve, in my next post.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2023 Cisco Umbrella