14.5 More Intermediate Nodes
There are many possible combinations of intermediate systems on the way from a client to a target server.
It is quite common to use ‘Proxy on Proxy’ in companies that have an intranet separated into several secure zones. For example, the first secure zone is for employees, and the second secure zone is for production servers. The zone for production servers is interconnected with the employee secured zone through an internal firewall. Next, the employee zone is connected through another firewall to the Internet. Both firewalls may run proxies and tunnels.
In the case of a double proxy, the target server name must be translated to its IP address at the last proxy before the target server. Similarly, it is a good idea to place a gateway at the end of the node chain as shown:
Note that intermediate systems are before the Internet. This is a limitation of HTTP. If the intermediate system was after the Internet...