A reverse proxy retrieves resources from one or more servers on behalf of a client. The resources appear as if they originated from the proxy server itself when they are returned to the client. A reverse proxy, therefore, acts as an intermediary for servers associated with it and is contacted by clients. This is different from a forward proxy (e.g., HTTP proxy or SOCKS proxy) that acts as an intermediary for clients which use it to contact servers.
How does a reverse proxy work?
A reverse proxy server receives requests from different client web applications and forwards them to other servers.
- The client web application (e.g., web browser) makes requests to public URLs. The hostname is resolved to the reverse proxy server’s address and the reverse proxy, therefore, receives the request.
- The reverse proxy server determines where the request needs to be sent by analyzing the URL. Any part of the URL can be used to route the request, but the path is normally the main routing input. The configured reverse proxy rules determine which outbound URL the request is sent to.
- The request is sent to the target server.
- The target server sends the response to the proxy. The proxy server, in turn, reads the response and then returns it to the client.
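The routing step described above can be sketched as follows. This is an added example, not code from the original page; the rule table and internal hostnames are constructed placeholders. It goes slightly beyond the text by normalizing the path before matching, so that the rule that is evaluated is the one the origin will actually serve.

```python
import posixpath
from urllib.parse import urlsplit, unquote, quote

# Constructed rule table: public path prefix -> internal origin base URL.
# Hostnames are placeholders, not taken from the page.
RULES = {
    "/api/": "http://api.internal.example:8080/",
    "/static/": "http://static.internal.example:8081/assets/",
    "/": "http://web.internal.example:8000/",
}

def route(public_url, rules=RULES):
    """Return the outbound URL for a public URL, or None to reject it."""
    parts = urlsplit(public_url)
    path = unquote(parts.path) or "/"
    # Reject characters that proxy and origin may interpret differently.
    if "\\" in path or "\x00" in path or not path.startswith("/"):
        return None
    # Resolve "." and ".." BEFORE matching, so "/static/../api/x" is routed
    # (and policy-checked) as "/api/x" rather than as a "/static/" request.
    normalized = posixpath.normpath("/" + path.lstrip("/"))
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    # Longest matching prefix wins, so "/api/" takes priority over "/".
    for prefix in sorted(rules, key=len, reverse=True):
        if normalized.startswith(prefix):
            outbound = rules[prefix] + quote(normalized[len(prefix):])
            return outbound + ("?" + parts.query if parts.query else "")
    return None

if __name__ == "__main__":
    for url in ("https://www.example.com/api/users?id=7",
                "https://www.example.com/static/%2e%2e/api/users",
                "https://www.example.com/static/..%5Capi/users"):
        print(url, "->", route(url))
```

The client only ever sees the public hostname; the internal origin URLs exist solely in the proxy's rule table.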
What is the use of a reverse proxy?
Implementing reverse proxies for handling web requests makes sense in certain situations that are listed below.
- Reverse proxies are used to hide origin servers. Thus, the servers that effectively store the data are not publicly accessible.
- Web servers may use reverse proxies to perform SSL encryption, often by using SSL acceleration hardware.
- Reverse proxies often use application firewalls to protect against web-based attacks, including distributed denial-of-service (DDoS) and denial-of-service (DoS) attacks. Removing malware could be difficult if a reverse proxy is not used.
- Reverse proxies can cache static as well as dynamic content to reduce the load on the origin servers. This is known as a web acceleration or load balancing solution.
- They can be used to distribute incoming requests to several servers, where each server will typically serve its own application area (also known as Global Server Load Balancing – GSLB).
- Reverse proxies can compress content to reduce loading times.
- Reverse proxies are often used to perform multivariate and A/B testing. This can be done without placing code or tags onto pages.
- For web servers that do not have authentication, a reverse proxy can be used to add basic HTTP access authentication to the web server.
How to implement a reverse proxy
Although it is possible to build a reverse proxy, this needs a significant investment in physical hardware, as well as intensive hardware and software engineering resources. It is often much easier and more cost-effective to sign up for a CDN service to reap all the benefits of a reverse proxy.
Differences between a forward proxy and a reverse proxy
A reverse proxy server is positioned at the edge of a network and serves as an intermediate connection point. It acts as the actual endpoint by receiving initial HTTP connection requests.
A reverse proxy acts as a traffic cop for the network, serving as a gateway between an application origin server and users. It also handles all traffic routing and policy management.
A reverse proxy operates as follows:
- Firstly, it receives user connection requests.
- Next, it completes a TCP three-way handshake and then terminates the initial connection.
- It connects to the origin server and forwards the original request.
Forward proxy servers also operate at the edge of the network but regulate outbound traffic based on shared networks’ preset policies. They also hide clients’ IP addresses (e.g., elite proxies) and block incoming traffic that is malicious.
Normally used internally by big organizations, including enterprises and universities, forward proxies implemented as transparent proxies are used to:
- Monitor online activity of employees.
- Block access to certain websites.
- Improve user experiences by caching content from external sites.
- Protect origin servers from malicious traffic.
Before deciding which type of server is most suitable for your situation, you need to know what you want to achieve. If the goal is to protect servers, this can be best achieved by putting them behind reverse proxies. On the other hand, if the goal is to protect clients in an internal network, this can be achieved best by putting them behind a forward proxy.