Upstream Proxy Definition
Burp Suite Options: Upstream Proxy Servers – PortSwigger
Burp’s upstream proxy settings control whether Burp will send outgoing requests to an upstream proxy server, or directly to the destination web server.
You can define multiple rules, specifying different proxy settings for different destination hosts, or groups of hosts. Rules are applied in sequence, and the first rule that matches the destination web server will be used. If no rule is matched, Burp defaults to direct, non-proxied connections.
Upstream proxy settings allow you to use a proxy, acting in-between Burp Suite and your connection to the internet.
To demonstrate this process we will be using two instances of Burp.
Burp instance 1 will act as a normal instance of Burp, used to perform testing.
Burp instance 2 will be configured to act as a proxy server.
Ensure that you have the correct details for the proxy server.
In this example we will set up Burp instance 2 to act as a proxy. We need to ensure that this instance of Burp is running on a free port. In this case we have used port 8085.
We can configure this in the “Proxy Listener” section of the Proxy “Options” tab.
Ensure the proxy listener is running.
Next we need to configure Burp instance 1 to use the proxy (Burp instance 2) to connect to the internet.
We can configure this in the “Upstream Proxy Servers” section of the “Options” / “Connections” tab.
Click the “Add” button to open the “Add upstream proxy rule” dialog.
The “Add upstream proxy rule” dialog allows you to create an upstream proxy rule.
Enter appropriate details in to the form.
In this example we can use a wildcard for the destination host.
The “Proxy host” field should contain the host address of the proxy.
The “Proxy port” field should contain the port used by the proxy.
Click “Ok”.
All traffic will now be routed through this proxy server.
Upstream / downstream terminology used backwards? (E.g. …
I’ve always thought of upstream and downstream along the lines of an actual stream, where the flow of information is like water. So upstream is where water/data comes from (e. g. an HTTP request) and downstream is where it goes (e. the underlying system that services the request).
I’ve been looking at API gateways recently and noticed that some of them used the inverse of this definition. I shrugged it off as an oddity at the time. I then discovered that nginx, which some API gateways are based on, also uses the terminology in the opposite way to what I expected. nginx calls the servers that it sends requests to “upstream servers”, and presumably the incoming requests would therefore be “downstream clients”.
Conceptually it seems like nginx would be pushing the requests “uphill” if going to an “upstream server”, which is totally counter-intuitive… Gravity is reversed in the land of reverse proxies and API gateways, apparently!
I’ve seen other discussions talking about upstream / downstream representing dependencies between systems but for middleware or infrastructure components that sit between systems the idea of dependencies is a little looser, and I find it more helpful to think in terms of flow of information still – because THAT’S usually the source of your dependencies anyway.
Have I got my understanding of the stream analogy fundamentally wrong or are these software components getting the concepts backwards?
asked Sep 2 ’15 at 23:06
1
In HTTP world, the “upstream server” term was introduced in the HTTP/1. 0 specification, RFC 1945:
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid
response from the upstream server it accessed in attempting to
fulfill the request.
Formal definition was added later, in RFC 2616:
upstream/downstream
Upstream and downstream describe the flow of a message: all
messages flow from upstream to downstream.
According to this definition:
if you are looking at a request, then the client is upstream, and the server is downstream;
in contrast, if you are looking at a response, then the client is downstream, and the server is upstream.
At the same time, in HTTP most of the data flow is not for requests, but for responses. So, if you’ll consider flow of responses, then the “upstream server” term sounds pretty reasonable and logical. And the term is again used in the 502 response code description (it is identical to HTTP/1. 0 one), as well as some other places.
The same logic can be also seen in terms “downloading” and “uploading” in natural language. Most of the data flow is from servers to clients, and that’s why “downloading” means loading something from a server to a client, and “uploading” – from a client to a server.
answered Sep 3 ’15 at 1:32
Maxim DouninMaxim Dounin5, 5291 gold badge23 silver badges27 bronze badges
2
Not the answer you’re looking for? Browse other questions tagged nginx definition or ask your own question.
Upstream server – Wikipedia
In computer networking, upstream server refers to a server that provides service to another server. In other words, upstream server is a server that is located higher in a hierarchy of servers. The highest server in the hierarchy is sometimes called the origin server. The inverse term, downstream server, is rarely used.
The terms are exclusively used in contexts where requests and responses move in opposite ways. It is not used when discussing hierarchical routing or hierarchical network topologies, as packets can be transferred both ways.
For example, in the domain name system, a name server in a company’s local area network often forwards requests to the internet service provider’s (ISP’s) name servers, instead of resolving the domain name directly — it can be said that the ISP’s name servers are upstream to the local server. Conversely, the ISP’s servers typically resolve domain names from the domain’s authoritative origin servers — the authoritative servers are said to be upstream to the ISP’s servers. Note that the hierarchy of resolvers is unrelated to the actual domain name hierarchy.
Frequently Asked Questions about upstream proxy definition
What is upstream in reverse proxy?
So upstream is where water/data comes from (e.g. an HTTP request) and downstream is where it goes (e.g. the underlying system that services the request). …Sep 3, 2015
What is downstream and upstream server?
In computer networking, upstream server refers to a server that provides service to another server. … The inverse term, downstream server, is rarely used. The terms are exclusively used in contexts where requests and responses move in opposite ways.
What is upstream proxy error?
Nginx upstream errors arise while the proxy server receive an invalid response or no response from the origin server.Nov 8, 2018