What is Reverse Proxy?
Reverse Proxy is a server that is positioned in front of webservers.
As a cybersecurity professional, you would place a reverse proxy typically behind the firewall in your private network and it would direct client requests to the appropriate backend server. And in this position, your reverse proxy is able to intercept your users' requests and then it would forward them to the intended 'Origin' webserver.
When the origin server sends a reply, the reverse proxy takes that reply and sends it on to the user. In this way, a reverse proxy serves as a 'middleman' between users and the sites they are visiting.
A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and your servers. Your organization can use a reverse proxy to enact load balancing, as well as shield your users from undesirable content and outcomes. Therefore, a reverse proxy can be an integral part of your company’s security posture and makes your company’s network more stable and reliable.
___
๐ Reverse Proxy Vs. Forward Proxy
While a reverse proxy sits in front of your web-servers, a forward proxy sits in front of clients. A client typically refers to any application. Given the context of proxy servers, this application more-often is a web-browser.
Let us recap...
With a forward proxy, the proxy is positioned in front of the 'client,' protecting it and its user. With a reverse proxy, the proxy sits in front of the 'origin' server.
This may seem like the same thing because both proxies are in between the client and the origin server. However, there are some important differences:
With a forward proxy, you make sure that 'NO ORIGIN SEVER' ever have the ability to directly communicate with the client. That means that, regardless of the website(s), it can never send any data directly to the client.
On the other hand, with a reverse proxy, the proxy, positioned in front of the origin server, makes sure that 'NO CLIENT,' regardless of where it is or who owns it, has the ability to communicate with the origin server.
It is similar to having a bodyguard that also passes messages to the person they are working for. A forward proxy is like a bodyguard that passes messages to the client, while a reverse proxy is like a bodyguard that passes messages to the origin server. A forward proxy is solely focused on vetting messages for the client. A reverse proxy is solely focused on vetting messages for the origin server. Even though they are both positioned between the client and the origin server, they perform very different jobs.
I hope that distinction between them is clear now...
___
๐ MAJOR ADVANTAGES OF REVERSE PROXY
1. Load Balancing
A reverse proxy server can act as a TRAFFIC COP sitting in front of your backend servers.
They can decide where and how they route HTTP-sessions. You can use it to distribute client-requests across a group of servers in a manner that maximizes speed and capacity utilization, while ensuring no one server is overloaded, which can degrade performance.
This may be particularly helpful during busier times of the year when a large amount of HTTP sessions attempt to interact with your origin server all at the same time. As the reverse proxy balances the load of the work that has to be performed, it eases the burden on your network.
If a server goes down, the load-balancer would conveniently redirect traffic to your remaining online servers.
2. Web Acceleration
Reverse proxies can compress inbound- and outbound- data, as well as cache commonly requested content. Both of these features would speed up the flow of traffic between clients and your servers.
3. Security and Anonymity
By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and thus it acts as an additional DEFENSE against security-attacks.
It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.