Forward Proxy VS Reverse Proxy.
Forward Proxy
A forward proxy, often called a proxy, web proxy or proxy server, is a server that sits in front of a group of client machines. When those computers make requests to sites or services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, a bit like a middleman. A forward proxy is typically used in tandem with a firewall to enhance an internal network's security by controlling traffic originating from clients. Thus, from a security standpoint, a forward proxy is primarily aimed at enforcing security on client computers in your internal network.
In standard Internet communication, the user's computer (User) would reach out directly to the target computer (Target), with the client sending requests to the target and the target responding to the client.
When a forward proxy is in place, User will instead send requests to the forward proxy, which will then forward the request to Target. Target will then send a response to the forward proxy, which will forward the response back to User.
Why would anyone add this extra middleman to their Internet activity?
As with anything in life, there are a few reasons one might want to use a forward proxy:
- To avoid state or institutional browsing restrictions - Some governments, schools, and other organizations use firewalls to give their users access to a limited version of the Internet. A forward proxy can be used to get around these restrictions, as it lets the user connect to the proxy rather than directly to the sites they are visiting.
- To block access to certain content - Conversely, proxies can also be set up to block a group of users from accessing certain sites. For example, a school network might be configured to connect to the web through a proxy that enables content filtering rules, refusing to forward responses from Facebook and other social media sites.
- To protect their identity online - In some cases, regular Internet users simply desire increased anonymity online, but in other cases, Internet users live in places where the government can impose serious consequences on political dissidents. Criticizing the government in a web forum or on social media can lead to fines or imprisonment for these users. If one of these dissidents uses a forward proxy to connect to a website where they post politically sensitive comments, the IP address used to post the comments will be harder to trace back to the dissident. Only the IP address of the proxy server will be visible.
Reverse Proxy
A reverse proxy is a server that sits in front of one or more web servers and takes requests from clients, which are unaware of the actual servers. This is different from a forward proxy, where the proxy sits in front of the clients. With a reverse proxy, when clients send requests to the origin server of a website, those requests are intercepted at the local network by the reverse proxy server. Every request is directed to the reverse proxy, which handles all communication from then on. A reverse proxy acts as a gateway for your backend, hiding all other servers. It also increases security, since the clients are only aware of the reverse proxy and not the actual servers.
Typically, all requests from Clients 1, 2 and 3 would go directly to Server 1 or 2, and Server 1 or 2 would send responses directly to Clients 1, 2 and 3. With a reverse proxy, all requests from Clients 1, 2 and 3 will go directly to the Reverse Proxy, and the Reverse Proxy will send its requests to and receive responses from Server 1 or 2. The Reverse Proxy will then pass along the appropriate responses to Clients 1, 2 and 3.
Here are some of the benefits of a reverse proxy:
- load-balancing - A reverse proxy can perform load balancing, which helps distribute client requests evenly across backend servers. This helps avoid the scenario where a particular server becomes overloaded due to a sudden spike in requests. Load balancing also improves redundancy: if one server goes down, the reverse proxy will simply reroute requests to a different server.
- protection from attacks - With a reverse proxy in place, a website or service never needs to reveal the IP address of its origin server(s), so the identity of your backend servers remains unknown. A reverse proxy also acts as a line of defense for your backend servers. This makes it much harder for attackers to launch a targeted attack against them, such as a DDoS attack. Instead, the attackers will only be able to target the reverse proxy, which will have tighter security and more resources to fend off a cyber attack.
- better performance - Nginx has been known to perform better than Apache in delivering static content. Therefore, with an Nginx reverse proxy, all client requests can be handled by Nginx while all requests for dynamic content can be passed on to the backend Apache server. This helps improve performance by optimizing the delivery of assets based on their type. Additionally, reverse proxies can also be used to serve cached content and perform SSL encryption to take load off the web server(s).
- SSL encryption - Encrypting and decrypting SSL (or TLS) communications for each client can be computationally expensive for an origin server. A reverse proxy can be configured to decrypt all incoming requests and encrypt all outgoing responses, freeing up valuable resources on the origin server.
- caching - A reverse proxy can cache (temporarily save) response data from its origin servers. Caching static content and dynamic content in this way, known as web acceleration, improves performance. Proxy caches of this sort can often satisfy a considerable number of website requests, greatly reducing the load on the origin server(s).
- authentication - A reverse proxy can add basic HTTP access authentication to a web server that does not have any authentication.
- easy logging and auditing - Since there is only one single point of access when a reverse proxy is implemented, this makes logging and auditing much simpler. Using this method, you can easily monitor what goes in and out through the reverse proxy.
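The benefits listed above, mapped onto one Nginx reverse proxy configuration. This is an added example, not configuration from the original article; the hostname, backend addresses, certificate, cache, log and password-file paths are placeholder assumptions.

```nginx
# Added example: hostnames, addresses and file paths below are placeholders.
# These blocks belong inside the http { } context of nginx.conf.

# Load balancing: round-robin over two backends; a backend that fails
# 3 times within 30s is skipped for 30s, so traffic reroutes to the other.
upstream backend_pool {
    server 10.0.0.11:8080 max_fails=3 fail_timeout=30s;
    server 10.0.0.12:8080 max_fails=3 fail_timeout=30s;
}

# Caching: on-disk cache for backend responses.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

# Logging and auditing: one log line per request, including the backend used.
log_format proxy_audit '$remote_addr $remote_user [$time_local] "$request" '
                       '$status upstream=$upstream_addr '
                       'cache=$upstream_cache_status';

server {
    # SSL/TLS termination: clients speak HTTPS to the proxy only.
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;
    ssl_certificate_key /etc/nginx/tls/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    access_log /var/log/nginx/proxy_audit.log proxy_audit;

    # Performance: static files are served by Nginx itself.
    location /static/ {
        root /var/www/app;
    }

    # Everything else goes to the backend pool.
    location / {
        # Authentication added in front of a backend that has none.
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;

        proxy_cache       app_cache;
        proxy_cache_valid 200 10m;   # cache successful responses for 10 minutes

        proxy_pass http://backend_pool;
        # Pass the original host and client address to the backend.
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The origin-hiding and authentication benefits only hold if the backends accept connections solely from the proxy. `nginx -t` checks the file's syntax before a reload.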
That’s about it!
Thank you for reading, and I hope you enjoyed this article.