What is a Proxy?
A proxy (or proxy server) is an intermediary between a client (such as a web browser) and a destination server (such as a website or application). The proxy receives requests from the client and forwards them to the destination — and vice versa.
Proxies are often used for security, performance, access control or Monitoring.
🎯 What does a proxy do?
- Hides the internal IP address of the client
- Filters traffic (for example by blocking websites or protocols)
- Speeds up access through caching of frequently visited content
- Logs and monitors network traffic
- Applies policy based on user, time, content or device
🛠 Types of proxy server
| Type | Description |
|---|---|
| Forward proxy | Client → Proxy → Internet (most often used in companies) |
| Reverse proxy | Internet → Proxy → Internal server (protects backend systems) |
| Transparent proxy | Operates in the background without users noticing |
| Application proxy | Specialised per protocol (e.g. HTTP, FTP, SMTP) |
| Caching proxy | Stores previously fetched content locally for faster access |
| Web proxy | Used in browsers for anonymous or filtered surfing |
🧱 Use in OT and IT environments
-
OT environment:
-
Used to provide secure access to HMI, SCADA, Historian or PLC data from IT
-
Often placed in a DMZ or alongside a Jump Server
-
Capability for protocol conversion (e.g. from OPC UA to HTTP)
-
IT environment:
-
Web filtering, DLP, internet access, malware blocking
-
Integration with SIEM for monitoring
🔐 Security benefits
| Security function | Explanation |
|---|---|
| IP shielding | External systems only see the proxy address |
| Access control | Can be combined with IAM, RBAC and user profiles |
| Content filtering | Blocks unwanted sites or file types |
| SSL inspection | Decryption of encrypted traffic (with the right certificates) |
| Logging and auditing | Comprehensive monitoring of outbound traffic |
📌 In summary
A proxy acts as an intermediary between networks or systems and provides additional layers of control, filtering and security. Indispensable in networks where segmentation, Monitoring and risk reduction are essential.