A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from a web server. Unlike a forward proxy (which sits in front of clients to protect them from external servers), a reverse proxy sits in front of servers.
This article explains what a reverse proxy is and how it differs from a forward proxy. The explanation will likely delve into the architecture, illustrating where a reverse proxy sits within a network and how it intercepts client requests before forwarding them to backend servers.
What is a reverse proxy?
A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or multiple servers. It forwards clients’ requests, like web browsers, to those servers.
All the requests from the user’s device would go to the internet and then go to the reverse proxy server before reaching the client’s web server. The web server then sends information to the proxy server, which uses the internet to send it back to the client’s user device.
How does a reverse proxy work?
Imagine you have a website. Normally, when someone types your website’s address into their browser, their request goes directly to your web server.
With a reverse proxy, the client’s request goes to the reverse proxy first. The reverse proxy then forwards that request to the appropriate web server and returns the server’s response to the client. The client only sees the reverse proxy and never directly communicates with the actual web server.
Here’s an illustration of how a reverse proxy works:
What is the difference between proxy and reverse proxy?
While both proxy (or forward proxy) and reverse proxy acts as an intermediary server, they serve different purposes and operate from different perspectives.
The key distinction lies in who they serve and where they sit in relation to the client and the origin server. While a forward proxy sits in front of the clients, reverse proxy sits in front of web servers to ensure that no client ever communicates.
Forward proxy server positions on the client’s side of the network, acting as a gateway to the internet. Clients are aware that they are using a proxy server, and they hide their IP addresses from the external web servers. All requests appear to come from the proxy’s IP address.
Reverse proxy servers are located in front of backend servers, intercepting requests from external clients before forwarding them to the appropriate backend server. Clients are generally unaware they are connecting to a reverse proxy.
Feature | Forward proxy (proxy) | Reverse proxy |
|---|---|---|
Who it serves | Clients (protects/serves client-side interests) | Servers (protects/serves server-side interests) |
Who knows about it | Clients are configured to use it. | Clients are typically unaware of its existence. |
Position | Sits in front of clients (client-side) | Sits in front of servers (server-side) |
Primary goal | Client anonymity, access control, client-side caching | Load balancing, security for servers, server-side caching |
Hides | Client IP addresses from external servers | Server IP addresses from external clients |
What are some risks of using reverse proxies?
Though it provides security, there are some risks involved with using reverse proxies as well:
- Risk of information stored: Since a reverse proxy can track IP addresses and encrypt/decrypt information, it can also store sensitive data, such as passwords. This can be a problem if a malicious party were to run it. Moreover, with such sensitive information, it can be risky using a reverse proxy of a third party as they need to adhere to the triad of confidentiality, integrity, and availability.
- HTTP request smuggling: This is a web application attack that exploits differences between web servers and their reverse proxies. It can allow the attacker to submit a request with a user’s session and interfere with the processing of HTTP requests.
- Risk of failure: If the proxy is fronting many different domains, its outage can bring down all of those. Additionally, if there is no direct access to the back-end server, the blackout can disrupt operations.
What are the benefits of using a reverse proxy?
Just like using any proxy, using reverse proxies also has several benefits:
- Encryption tool: Encryption can be expensive for an origin server but using reverse proxies can help with this. They can decrypt all incoming traffic and encrypt all outgoing requests (SSL/TLS).
- Caching (for servers): Reverse proxies can also cache content, improving the performance speed, reducing page load times, and improving content delivery to clients.
- Load balancing: Reverse proxies can help with the traffic flow on the main server. They can reduce the load on the main server by evenly distributing the load on all the servers. This prevents any single server from becoming overwhelmed. These proxies will also send clients to the servers that are located nearest to them, reducing response times.
- Security: Your origin server’s IP address is masked, which protects against potential attacks, such as DDoS attacks. You can also place a web application firewall on your reverse proxies for further protection against hackers and bots.
- A/B testing: Reverse proxies can perform A/B testing and multivariate testing without JavaScript tags or coding.
What are some popular reverse proxy software/services?
- Nginx reverse proxy: It is a free and open-source web application software that can be used as a load balancer, HTTP cache, and reverse proxy.
- Apache HTTP Server (with mod_proxy): A versatile web server that can also function as a reverse proxy.
- HAProxy: Specifically designed for high-availability load balancing and proxying TCP and HTTP-based applications.
- Envoy Proxy: An open-source edge and service proxy, often used in microservices architectures.
- Cloudflare: A well-known CDN and security service that acts as a global reverse proxy.
Reverse proxy FAQs
FAQ
Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE and NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and resources that referenced AIMultiple.
Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised enterprises on their technology decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.
He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.
Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.
Be the first to comment
Your email address will not be published. All fields are required.