Reverse Proxy

A reverse proxy is a type of proxy server, placed on the back-end (server) side, that is typically deployed behind a firewall in a private network. It receives incoming requests from the Internet and forwards them to the appropriate backend server or service within the private network.

This allows the backend servers to be shielded from direct exposure to the Internet, improving security and enabling the use of services and applications that may not be accessible directly from the public Internet.

Reverse proxies are also used by file-heavy websites, web apps, and CDNs for internal load balancing, helping to distribute incoming traffic evenly and prevent server overload.

Reverse Proxies and CDNs

A content delivery network (CDN) is a network of servers that are distributed across different locations around the world. The purpose of a CDN is to deliver content to end users as fast as possible by serving it from the geographically nearest server.


A reverse proxy can be used to support a CDN by routing incoming requests from users to the appropriate CDN server based on the user's location. There’s no need for a web app provider to upload files directly to a new location: the proxy will automatically retrieve files from existing remote locations and deliver them to new locations (new users).

Why is a reverse proxy more secure?

In general, forward proxies are used for different purposes than reverse proxies. A reverse proxy is considered to be more secure because it provides an additional layer of protection for the backend servers.

By shielding the backend servers and hiding their IP addresses from external users, a reverse proxy can prevent attackers from directly accessing sensitive servers and data. Additionally, a reverse proxy can provide various other security-related benefits, such as SSL/TLS encryption and authentication capabilities.

Most common Reverse Proxy use cases

Reverse proxies are often used for the following purposes:

  1. To provide an additional layer of security.

  2. To enable the use of services and applications that may not be accessible directly from the public Internet.

For example, a reverse proxy can allow users to access a service that is only accessible from within the private network, without the need to establish a VPN connection.

  3. To provide SSL/TLS encryption for services and applications.

A reverse proxy can terminate SSL/TLS connections from clients and establish new, encrypted connections to the backend servers, allowing the use of secure, encrypted communications without the need for each backend server to support SSL/TLS directly.

  4. To improve the scalability of services and applications by allowing them to be deployed across multiple servers or locations.

  5. By using a reverse proxy for load balancing, administrators can improve the performance and availability of their servers and applications, as well as offload tasks such as SSL termination, HTTP caching, and request routing from the backend servers.
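
The SSL/TLS termination and load balancing described above, sketched as an nginx configuration. This is an added example, not part of the original article, and nginx is only one possible reverse proxy. All host names, IP addresses and file paths are constructed placeholders, and the back-ends are assumed to accept TLS on port 8443 with certificates issued by an internal CA.

```nginx
# Added example; belongs inside the http { } block of nginx.conf.
# Every name, address and path below is a constructed placeholder.

upstream backend_pool {
    # Private back-end servers, not reachable from the Internet.
    # Requests are distributed round-robin by default.
    server 10.0.10.11:8443;
    server 10.0.10.12:8443;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # TLS from clients is terminated here, so clients only ever
    # see the proxy's certificate and the proxy's IP address.
    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    server_tokens off;   # do not advertise the nginx version

    location / {
        # New, encrypted connection from the proxy to a back-end.
        proxy_pass https://backend_pool;

        # nginx does not verify the back-end certificate by default;
        # without these lines the second hop is encrypted but the
        # back-end is not authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_server_name         on;
        proxy_ssl_name                backend.internal.example;

        # Back-ends see only the proxy's address, so the client
        # address is passed along for logging and access control.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Drop a response header that reveals back-end software.
        proxy_hide_header X-Powered-By;
    }
}
```

Back-ends should trust X-Forwarded-For only when the connection comes from the proxy's own address, since a client can send that header itself.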