Proxy Server and reverse Proxy server’s functionality and usage.
What is a proxy server (forward proxy)?
A forward proxy, often
called a proxy, proxy server, or web proxy, is a server that sits in front of a
group of client machines. When those computers make requests to sites and
services on the Internet, the proxy server intercepts those requests and then
communicates with web servers on behalf of those clients, like a middleman.
For example, let’s
name 3 computers involved in a typical forward proxy communication:
·
A: This is a user’s
home computer
·
B: This is a forward
proxy server
·
C: This is a website’s
origin server (where the website data is stored)
In a standard Internet
communication, computer A would reach out directly to computer C, with the
client sending requests to the origin
server and the origin
server responding to the client. When a forward proxy is in place, A will
instead send requests to B, which will then forward the request to C. C will
then send a response to B, which will forward the response back to A.
Why would anyone add
this extra middleman to their Internet activity? There are a few reasons one
might want to use a forward proxy:
·
To
avoid state or institutional browsing restrictions - Some governments, schools, and other
organizations use firewalls to give their users access to a limited version of
the Internet. A forward proxy can be used to get around these restrictions, as
they let the user connect to the proxy rather than directly to the sites they
are visiting.
·
To
block access to certain content - Conversely, proxies can also be set up to block a group
of users from accessing certain sites. For example, a school network might be
configured to connect to the web through a proxy which enables content
filtering rules, refusing to forward responses from Facebook and other social
media sites.
·
To
protect their identity online - In some cases, regular Internet users simply desire
increased anonymity online, but in other cases, Internet users live in places
where the government can impose serious consequences to political dissidents.
Criticizing the government in a web forum or on social media can lead to fines
or imprisonment for these users. If one of these dissidents uses a forward
proxy to connect to a website where they post politically sensitive comments,
the IP
address used to post the
comments will be harder to trace back to the dissident. Only the IP address of
the proxy server will be visible.
How is a reverse proxy
different?
A reverse proxy is a
server that sits in front of one or more web servers, intercepting requests
from clients. This is different from a forward proxy, where the proxy sits in
front of the clients. With a reverse proxy, when clients send requests to the
origin server of a website, those requests are intercepted at the network
edge by the reverse
proxy server. The reverse proxy server will then send requests to and receive
responses from the origin server.
The difference between
a forward and reverse proxy is subtle but important. A simplified way to sum it
up would be to say that a forward proxy sits in front of a client and ensures
that no origin server ever communicates directly with that specific client. On
the other hand, a reverse proxy sits in front of an origin server and ensures
that no client ever communicates directly with that origin server.
Once again, let’s
illustrate by naming the computers involved:
·
D: Any number of
users’ home computers
·
E: This is a reverse
proxy server
· F: One or more origin servers
Typically, all requests
from D would go directly to F, and F would send responses directly to D. With a
reverse proxy, all requests from D will go directly to E, and E will send its
requests to and receive responses from F. E will then pass along the
appropriate responses to D.
Below we outline some
of the benefits of a reverse proxy:
·
Load
balancing - A popular
website that gets millions of users every day may not be able to handle all its
incoming site traffic with a single origin server. Instead, the site can be
distributed among a pool of different servers, all handling requests for the
same site. In this case, a reverse proxy can provide a load balancing solution
which will distribute the incoming traffic evenly among the different servers
to prevent any single server from becoming overloaded. If a server fails
completely, other servers can step up to handle the traffic.
·
Protection
from attacks - With a reverse
proxy in place, a web site or service never needs to reveal the IP address of
their origin server(s). This makes it much harder for attackers to leverage a
targeted attack against them, such as a DDoS
attack. Instead the
attackers will only be able to target the reverse proxy, such as
Cloudflare’s CDN, which will have tighter security and more
resources to fend off a cyber-attack.
·
Global
Server Load Balancing (GSLB) - In this form of load balancing, a
website can be distributed on several servers around the globe and the reverse
proxy will send clients to the server that’s geographically closest to them.
This decreases the distances that requests and responses need to travel,
minimizing load times.
·
Caching - A reverse proxy can also cache content, resulting in faster
performance. For example, if a user in Paris visits a reverse-proxied website
with web servers in Los Angeles, the user might connect to a local reverse
proxy server in Paris, which will then have to communicate with an origin
server in L.A. The proxy server can then cache (or temporarily save) the
response data. Subsequent Parisian users who browse the site will then get the
locally cached version from the Parisian reverse proxy server, resulting in much
faster performance.
·
SSL
encryption - Encrypting and decrypting SSL (or TLS) communications for each client can be
computationally expensive for an origin server. A reverse proxy can be
configured to decrypt all incoming requests and encrypt all outgoing responses,
freeing up valuable resources on the origin server.