A forward proxy (or just proxy) is a server that sits between user devices and the internet. A forward proxy is commonly used for:
- Protecting client privacy and anonymity
- Avoiding browsing restrictions
- Blocking access to certain content
A reverse proxy is a server that accepts requests from clients, forwards them to backend web servers, and returns the responses to the clients. The clients interact with the reverse proxy as if it was the origin server. Reverse proxies are good for:
- Protecting backend servers from direct exposure to clients
- Load balancing requests across multiple backend servers
- Caching static content closer to clients for faster delivery
- Terminating SSL connections and offloading encryption/decryption tasks from the backend servers
The key difference is that a forward proxy acts on behalf of clients, while a reverse proxy acts on behalf of servers. Forward proxies handle outbound requests to external servers, while reverse proxies handle inbound requests coming from clients.
Two common types of proxy are forward and reverse proxy.
A forward proxy is a server that sits between the group of client machines and the internet. When those clients makes request to websites on internet, the forward proxy acts as a middle man, intercepts those requests, and talk to web servers on behalf of those client machines.
Why is this required?
First, Forward proxy protects the client's online identity. By using a forward proxy to connect to a website . the IP address of the client is hidden from the server. Only the ip address of the proxy is visible. It would be harder to trace back to the client.
Second, Forward proxy can also used to bypass the browsing restrictions. Some institutions like governments, schools, and big business use firewalls to restrict access to the internet. By connecting to the forward proxy outside the firewalls, the client machine can potentially can around these restrictions. It does not always work because the firewalls could themselves block the connection to proxy.
Three, A forward proxy can can used to block access to the certain content. This is not uncommon for schools and business to configure their network to connect to all clients to the web through the proxy and apply filtering rules to disallow sites like social networks. It is worth noting that a forward proxy normally requires a client to configure its application to point to it. For large institutions they usually apply technique called transparent proxy to streamline the process.
A transparent proxy works with L4 switches to redirect certain types of traffic to the proxy automatically. There is no need to configure client machine to use it. It is difficult to bypass a transparent proxy when the client is on the institution's network. In summary a forward proxy sits between the clients and the internet and acts on behalf of the client.
Reverse proxy sits between the internet and the web servers. It intercepts the request from the clients and talks to the web server on behalf of the clients.
Why would a website use a reverse proxy?
One, a reverse proxy could be used to protect website itself. The website's Ip address are hidden behind the reverse proxy and are not revealed to the clients. This makes it much harder to target a DDoS attack against a website.
Second, a reverse proxy is used for load balancing. A popular website handling millions of users everyday is unlikely to be able to handle the traffic with a single server. A reverse proxy can balance a large amount of incoming requests by distributing the the traffic to the large pool of web servers, and effectively preventing any single of them from becoming overloaded. Services like Cloudflare put reverse proxy servers in hundreds of locations all around the world. This puts the reverse proxy close to the user and at the same time provides large amount of processing capacity.
Third, a reverse proxy caches static content. A piece of content can be cached in reverse proxy for a period of time. If the same piece of content requested again from the reverse proxy, the locally cached version could be quickly returned.
Fourth, a reverse proxy can handle SSL encryption. SSL handshake is computationally expensive. A reverse proxy can free up the origin servers from these expensive operations. Instead of handling SSL for all clients, a website only needs to handle SSL handshake from a small number of reverse proxies.
Reverse proxy are everywhere. For a modern website it is not uncommon to have many layers of reverse proxy. The first layer could be edge service like cloudflare. The reverse proxies are deployed in hundred of locations worldwide close to the users.
The second layer could be an API gateway or load balancer the the hosting provider. Many cloud providers combine these two layers into a single ingress service. The use would enter the cloud network at the edge close to the user, and from the edge the reverse proxy connect over a fast fiber network to the load balancer where the request is evenly distributed to the cluster of web servers.
Proxy is a software that makes request on behalf of client
some organization uses proxy to block unwanted websites or to protect employees from bad websites like phishing websites.
Another use case is caching. if already some information is cached, the proxy will not even connect to server proxy, it can serve cache contents.
Anonymity from final destination server point of view. Final destination doesn't know originating client.
Microservices ..having different types of proxy ..Http proxy, TCP proxy
In reverse proxy client doesn't know about final destination
proxy will make request still on your behalf. There is one case for load balancing ..proxy can talk to google server 1 or google server2
Q and A
* Can we use proxy and reverse proxy together?
yes
* Can I use Proxy to hide my identity instead of a VPN?
You can but vpn is more secure since it works more at low level. vpn can only see domain ..but proxy can see everything especially if it is working as TLS termination.
* Can I use proxy just for HTTP?
No, there are so many proxies as mentioned in above slide.
Cloudflare with free TLS certificate
Cloudflare is a worldwide cloud reverse proxy with caching, DDOs mitigation and much more
https://www.cloudflare.com/
Webbrowser will make DNS request and DNS server will respond the ip address of the webserver here tlscourse.com and web browser will connect to web server directly
But reverse proxy situation is different. In this case DNS server will resolve tlscourse.com to IP: 48.235.12.1
Webbrowser will make TCP/http connection with Reverse proxy and reverse proxy on behalf of web-browser will establish another TCP session with web server that hosts tlscourse.com
If there are multiple web servers, reverse proxy can establish connection with any of them but for all client it will appear that the web site tlscourse.com is hosted at 48.235.12.1
Benefits of using reverse proxy
================================
One benefit is you are hiding ip address of your real web server.
Another advantage is that a reverse proxy may perform different kind of checks that might eliminate any DOS attacks on web server
Any attacks discovered may be stopped at reverse proxy
Another advantage is reverse proxy may cache the web pages of web server
Reverse proxy will serve the cached web page if it is already cached
Another advantage is based on the location of customer web browser different nearby reverse proxy servers will serve request
Such approach usually significantly reduces latency. Web browser receives data faster from web server
