Protection Of The Clients
The proxy can be an interface between the private network and the public network. The private network clients access the web server of the public network via the proxy, for example. Since the contacted target system from the public network does not send its response packets directly to the client, but sends them to the proxy, the latter can actively control the connection.
Unwanted remote access to the client (which goes beyond the response packets) is thus prevented or at least made more difficult. Appropriate security measures and their constant control are thus limited to a single or a few proxies, rather than to a large number of clients.
They settle in an upstream bastion network also easier and more reliable realize. In addition, own servers are better protected, which do not need access to the Internet themselves, but are in the same segment as the clients shielded by the proxy. This keeps the internal network protected, even if the proxy site is compromised, giving the IT department additional time to respond appropriately to a possible outside attack.
Protection Of The Server
A proxy server can generally be used to put the actual server in a protected network, making it reachable from the external network only through the proxy. In this way you try to protect the server from attacks. The proxy software is less complex and therefore offers fewer attack points. This solution is used, for example, in online shops: the web server is located together with the proxy on the Internet and accesses the database with customer data behind a firewall.
The proxy assigns different resources to different users and groups based on their workload. The proxy server Squid masters this process, while also helping to protect the server and supporting methods for better availability.