What are Proxy, Gateway and Tunnel in HTTP protocol?


In the specification of the HTTP protocol, more precisely in RFC 7230, provision is made for intermediate entities between the user agent (UA), the entity that performs the HTTP request, and the origin server (O), the entity that will respond to the request.

The arrows to the right indicate the path of the HTTP request and the arrows to the left indicate the path of the HTTP response. Entities A, B, and C are the intermediary entities, which communicate with each other, with the user agent, or with the origin server over four HTTP connections.

The three intermediate entities described are:

  • Proxy
  • Gateway
  • Tunnel

    Each intermediate entity can operate as an origin server, proxy, gateway or tunnel, depending on the nature of the HTTP request it handles.

    What I would like to know is what the difference is between the three types of intermediary entities and when each is used in practice. I would also like to know whether it is possible for only one intermediary entity to exist, or whether they are so closely related that one only exists alongside another.

    asked by anonymous 09.08.2017 / 23:46

    3 answers


    The definitions according to RFC 7230 are as follows:

    Proxy Definition:


    A "proxy" is a message forwarding agent that is selected by the client, usually through local configuration rules, to receive requests of some kind of absolute URI and try to satisfy those requests via translation through the HTTP interface. Some translations are minimal, such as proxy requests for "http" URIs, while other requests may require translation for completely different application-level protocols. Proxies are often used to group HTTP requests from an organization through a common intermediary because of security, annotation services, or shared caching. Some proxies are designed to apply transformations to selected messages or payloads while they are being forwarded.

    Gateway Definition:


    A "gateway" (also known as a "reverse proxy") is an intermediary that acts as an origin server for the outbound connection, but translates received requests and forwards them inbound to another server or servers. Gateways are often used to encapsulate legacy or untrusted information services, to improve server performance through "accelerator" caching, and to enable partitioning or load balancing of HTTP services across multiple machines.

    Tunnel Definition:


    A "tunnel" works like a blind relay between two connections without changing the messages. Once active, a tunnel is not considered a party to the HTTP communication, although the tunnel may have been started by an HTTP request. A tunnel ceases to exist when both ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary, such as when Transport Layer Security (TLS, [RFC5246]) is used to establish confidential communication through a shared firewall proxy.

    15.08.2017 / 15:36
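
The three roles defined above correspond to the request-target forms of RFC 7230 section 5.3, which is how a node can tell which role a given request asks it to play. The following is an added example, not part of the original answer; the function names, the `local_hosts` parameter and the port-443 CONNECT policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy for this example: the only port a CONNECT tunnel may reach.
ALLOWED_CONNECT_PORTS = {443}


def request_target_form(request_line: str) -> str:
    """Name the RFC 7230 section 5.3 request-target form of a request line."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    if method == "CONNECT":
        return "authority-form"      # host:port, only valid with CONNECT
    if method == "OPTIONS" and target == "*":
        return "asterisk-form"       # server-wide OPTIONS
    if target.startswith("/"):
        return "origin-form"         # what a client sends to an origin server
    url = urlsplit(target)
    if url.scheme and url.hostname:
        return "absolute-form"       # what a client sends to a proxy
    raise ValueError("unrecognised request-target")


def intermediary_role(request_line: str, local_hosts: set) -> str:
    """Role the request asks this node to play, or 'reject' if policy forbids it."""
    form = request_target_form(request_line)
    target = request_line.strip().split(" ")[1]
    if form == "authority-form":
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return "tunnel" if int(port) in ALLOWED_CONNECT_PORTS else "reject"
    if form == "absolute-form" and urlsplit(target).hostname not in local_hosts:
        return "proxy"               # client selected us to reach another host
    return "origin-or-gateway"       # client believes we are the origin server


# Constructed sample request lines, not captured traffic.
SAMPLES = ["GET /index.html HTTP/1.1",
           "GET http://example.org/index.html HTTP/1.1",
           "CONNECT example.org:443 HTTP/1.1",
           "CONNECT example.org:25 HTTP/1.1"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:50} -> {intermediary_role(line, {'intranet.example'})}")
```

A node deployed only as a gateway that answers "proxy" or "tunnel" requests for hosts it does not front is relaying on behalf of whoever asks, which is why the role decision is a useful place for an explicit allowlist.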

    Proxy and server have definitions that use the word program. However, for the gateway this does not happen. This should be one of the differences you should note.

    Try to compare a proxy and a gateway by their request handling. A proxy:


    "Requests are serviced internally or by passing them on, with possible translation, to other servers."

    It can essentially change the request or respond with what goes through it.

    The definition of gateway is:


    "It acts as an intermediary for some other server. Unlike a proxy, a gateway receives requests as if it were the origin server for the requested resource; the requesting client may not be aware that it is communicating with a gateway."

    So the gateway in this context receives and delivers whatever goes through it.

    A Tunnel is like a pipe with a point at each end. The program or intermediate server is not aware of this connection. This Tunnel can be started by an HTTP request. The tunnel will be terminated when either end decides to drop the tunnel.


    15.08.2017 / 21:24

    I'll try to explain the difference with some examples. Reading the definition in the RFC, I personally have trouble understanding its meaning in more practical terms.


    Imagine that it is the output port for another network. To make a simple analogy, if your computer is a house and the Internet is outside, the Gateway is the door. Without the door, you stay locked in the house.

    The Gateway simply routes the incoming requests to the internal network. It is for this reason that when you need to access the Internet at home, the Gateway is the router of your residence; it is what gives access to another network (the Internet) without restrictions.


    It serves to protect the external network. Using the house analogy, it is a way of letting you see outside the house, but only what it wants you to see.

    Unlike the Gateway, a Proxy can apply multiple filters and redirects, allowing or blocking access as it wishes, while keeping all computers on the network anonymous. It is usually used by businesses to restrict or control access to the Internet.

    A Proxy server that receives requests and submits them without modification can also be called a Gateway. Commonly this type of Proxy is called a Transparent Proxy Server.


    The Gateway and Proxy act as intermediaries for the connection. This is not the case for a Tunnel, since the data of one protocol is encapsulated within another protocol, requiring software on the source and destination to send and receive information.

    Using the house analogy, it would be as if you dug a tunnel straight to the other home (network) you want to communicate with, without using intermediaries.

    Compared to a Proxy, it involves less bureaucracy, because a Proxy can require authentication, can add its own identifier to the header, can respond using cache, etc. With a Tunnel all requests and responses are passed intact.

    In practice, VPNs are a good example to understand the concept of a Tunnel.

    13.08.2018 / 18:13