The main reason for using a proxy server is to give access to the Internet from within a firewall. An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which one might get into the subnet. The proxy can control services for individual methods, host and domain, and more-filtering client transactions. A very important thing about proxies is that even a client without DNS can use the Web: It needs only the IP address of the proxy. Application level proxy facilitates caching at the proxy. Usually, one proxy server is used by all clients connected to a subnet. This is why the proxy is able to do efficient caching of documents that are requested by more than one client. The fact that proxies can provide efficient caching makes them useful even when no firewall machine is in order. Configuring a group to use a caching proxy server is easy (Most popular Web client programs already have proxy support built in), and can decrease network traffic costs significantly, because once the first request was made for a certain document, the next ones are retrieved from a local cache.

Proxying is a standard method for getting through firewalls, rather than having each client get customized to support a special firewall product or a method. That is, you don't need to make changes in the source codes of clients, which is impossible in some cases. It can be configured as is to be a proxy client. It is also possible to write clients that only understand HTTP - other protocols are handled by the proxy in a transparent way. Using proxies allows high level logging of client transactions (data and time, URL, and some other fields in an HTTP transaction) which is not possible in the IP or TCP level.

Workstations do not have a direct physical connection to the Internet and therefore it is not possible for them to communicate in a direct way. The proxy server is placed between the physical connection point to the Internet, and the connection point to the local net, delivers the requests from the local net to the Internet as if it was the original requester.

The proxy is a special HTTP server that typically runs on a firewall machine. It waits for requests coming from inside the firewall, and then sends them to the remote server, gets the response and sends it back to the client.

For transactions of a client with the proxy server, the client only uses HTTP, even when accessing a resource served by a remote server using another protocol, like FTP. When sending a request to a proxy, the full URL is specified and not just the pathname along with optional search keywords as with regular HTTP request.

At this point the proxy starts to function as a client to retrieve the document, using the suitable protocol module.

As for caching, it is done by saving copies of retrieved pages and objects (like common graphic and voice files) in a local file on disk for further requests of users. The caching mechanism can survive restarts of the proxy process and also restarts of the server machine. When a retrieval of an updated document is needed, the remote server should be contacted for the GET request. Using the head information of a document is good for checking if it has been modified.

For more efficiency in these situations, the If-Modified-Since request header was added to the HTTP, which means the header contains the last modification time and date of the object currently in the client. Now, if the object hasn't been changed, than only a new expiry date is sent, otherwise the request is served as a regular HTTP request.

A good proxy system gives suitable tools for managing and controlling the data flow. For instance: user authorization for accessing sites, blocking "strangers" trying to get into the local net, tracing users operations and storing some common information for the benefit of all the net users without the need to bring it again from outside.