Proxy Based Firewall

Classification Key: Exterior Security, Information Disclosure


A Packet Filter Firewall inspects only the network addresses when deciding whether to allow a request, so it can only block sites that are already believed to be malicious. It is hard to know about all of those sites, so further defense mechanisms are needed. In addition, how do we protect our network from potential attacks that might be embedded within the data segment of the packets?


Make the client interact only with a proxy of the service requested, which in turn communicates with the protected service. The client can only receive service from the server if an application proxy exists for the requested service. Each application proxy has its own access rules pre-defined by the administrator that may be used to authenticate, inspect, change, and filter the incoming (or outgoing) messages.
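
The following sketch is an added example, not part of the original pattern text or of any product named on this page. It shows the dispatch described above: a request reaches a protected service only if an application proxy is registered for it, and each proxy applies its own rules to authenticate, inspect, change, and filter the message. The class names, the rule names, the "x-internal-" header prefix, and the backend stub are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class AppProxy:
    """Application proxy: the only path to one protected service."""
    backend: Callable[[bytes], bytes]            # protected service (stubbed below)
    allowed_users: set                           # authenticate
    deny_rules: dict = field(default_factory=dict)       # inspect: name -> regex
    rewrite: Callable[[bytes], bytes] = lambda m: m      # change
    max_len: int = 4096                          # filter oversized messages

    def handle(self, user: str, msg: bytes):
        if user not in self.allowed_users:
            return ("deny", "unauthenticated client")
        if len(msg) > self.max_len:
            return ("deny", "message too long")
        for name, pattern in self.deny_rules.items():
            if re.search(pattern, msg):
                return ("deny", "payload rule: " + name)
        return ("allow", self.backend(self.rewrite(msg)))

class ProxyFirewall:
    """Dispatches by service; a service without a proxy is unreachable."""
    def __init__(self):
        self.proxies = {}

    def request(self, service: str, user: str, msg: bytes):
        proxy = self.proxies.get(service)
        if proxy is None:
            return ("deny", "no proxy for service")
        return proxy.handle(user, msg)

def strip_internal_headers(msg: bytes) -> bytes:
    # Remove headers that only the proxy may set on the inner hop.
    lines = msg.split(b"\r\n")
    return b"\r\n".join(l for l in lines if not l.lower().startswith(b"x-internal-"))

def build_demo() -> ProxyFirewall:
    # Constructed sample policy and backend stub, for illustration only.
    fw = ProxyFirewall()
    fw.proxies["http"] = AppProxy(
        backend=lambda m: b"served:" + m,
        allowed_users={"alice"},
        deny_rules={"method-not-allowed": rb"^(?!GET |HEAD )"},
        rewrite=strip_internal_headers,
    )
    return fw
```

Unlike a packet filter, the decision here depends on who the client is and what the message contains, not on the source address.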

Known Uses

Some specific firewall products that use application proxies are Pipex Security Firewalls and InterGate Firewall. The SOCKS Protocol from the IETF, although not intended as a firewall, uses a similar principle.

Related Patterns

Packet Filter Firewall, Stateful Firewall


Wiley Book


Firewall, Filtering, Access Control


