A proxy server is analogous to the receptionist in an office. The receptionist checks the identification and credentials of visitors, and if they pass this scrutiny, the receptionist asks for the visitors' requests. The receptionist can then advise whether the office can be of assistance, according to the office’s policies, capabilities and procedures. In a similar way, when a computer user attempts to access a website and avail himself or herself of the database that is resident there, he or she often will be asked for his or her identification and credentials in the form of a username and password, the proxy server checks to determine whether the user's credentials and Internet protocol (IP) address are valid. These are the first steps in proxy server authentication and the simplest uses of proxy servers to perform authentication tasks.
If all goes well, the proxy server learns what area of the website the user wants to access. After checking its policies, capabilities and procedures — known as protocol filters — in relation to the user's request, the proxy server might allow the user to receive from the actual server upon which the database resides. The user is given access to research the item from the actual database server.
The proxy server acts as a go-between receptionist for clients and actual servers just as the receptionist does for the officers in a company. This go-between activity is what is known as proxy server authentication. Using proxy server authentication also protects websites from denial of service (DoS) attacks and other such network attacks on their servers. These DoS attacks, if successful, can shut down a website and create a loss of computer networks, revenue and business opportunity, so the functions of proxy server authentication are incalculably valuable.
Another function of proxy server authentication is encryption. The website computer server might not handle its own encryption/secure sockets layer (SSL) acceleration, but instead hands off this task to a proxy server equipped with encryption and SSL acceleration hardware. In fact, the proxy server with such resident hardware might handle proxy server authentication and encryption tasks for several website servers. Just as the lobby receptionist in an office building might check requests and route the visitor to the correct office to conduct the business that he or she has requested, a proxy server that serves multiple websites authenticates and identifies the specific request.
If an offered brochure does not suffice to serve the visitor’s needs, then the receptionist gives directions to the appropriate office. The lobby receptionist keeps a record of all visitors, the office that they visited and each visitor’s time in and out, just as a proxy server would. Sometimes, security might need to be called to handle an unwelcome or threatening visitor. In a similar way, proxy servers can route traffic to a specific website and also make use of antivirus and antispyware programs to shut off malware and viruses from access to the network.
Use of proxy server authentication allows one to set up filters for children who are using the Internet. Users can set up the authentication so that, based on the username and password furnished, only certain sections of the Internet are open to the child, and there is constant monitoring to restrict the child from access to certain sites and/or objectionable content. Similarly, an office manager can set up proxy server authentication protocols for each employee he or she manages and allow access only to certain modules and software for each employee according to the types of jobs he or she is expected to perform throughout the day.
For instance, the employee’s username and password might allow him or her only into the purchase orders and work orders to do data entry. Yet that same employee might be barred from access to the general ledger in the company’s accounting software or barred from the scheduling software. Similarly, in many universities, a reverse proxy server authentication can block students and faculty members from areas of the Internet not specific to their schoolwork or duties. The username, password and IP address of the terminal in use might block one of these users from access to gambling, pornography, sports, television programs and social networking sites by using a variety of content-filtering protocols.