Reverse Proxy

A reverse proxy is a proxy server that retrieves resources on behalf of a client from one or more servers. Browsers, corporate firewalls, and Network Address Translation (NAT) devices typically implement a limited form of reverse proxy functionality by allowing a user to connect through the device to a specific host and port number.

How it works

In a reverse proxy configuration, the client establishes connections to the proxy server instead of a destination web server. When the client requests a protected resource from a protected site, for example, https://www.examplebank.com/index.html, the reverse proxy intercepts that request and follows an internal procedure – typically adding an additional header – before forwarding it to the intended website: https://www.examplebank.com. The response is then returned by the reverse proxy to the client as though it originated at https://www.examplebank.com.

In other words, a reverse proxy acts as an intermediary between two servers running different services over Hypertext Transfer Protocol (HTTP). It retrieves resources on behalf of clients from one or more servers and returns them to the clients.

Reverse proxies can speed up transactions between the web servers and end-users, as well as provide additional services such as imposing access controls on requested resources.

Common uses of a reverse proxy

Most often, reverse proxies are used to ensure that resources are served securely over HTTPS. Reverse proxies allow an administrator to run secure web servers on a corporate intranet without needing to expose them directly to the internet.

However, they do not provide much in the way of additional functionality that cannot be achieved with virtual private networks (VPNs). The main reason for deploying a reverse proxy is to offload the processing overhead associated with connecting users and web services.

Reverse proxies can also manage access to the back-end services, provide caching and filtering capabilities.

Benefits of reverse proxies

Reverse proxy architecture has several benefits:

• Client requests are forwarded to the destination servers without visibility of what is taking place on the back-end.
• Requests are load-balanced between multiple server clusters or replicated servers, increasing availability, and reducing latency by using content delivery networks (CDNs).
• Back-end security is enhanced because SSL encryption terminates at the reverse proxy, which can act as an effective web application firewall (WAF). The destination servers do not need to be SSL aware.
• Administrators can take advantage of caching and compression techniques closer to clients for faster response times.

Disadvantages of reverse proxies

• Reverse proxies require additional network resources and processing power in order to operate. Resources must also be distributed between public and private ports when deploying virtual hosting, resulting in additional hardware requirements.
• A lack of visibility into client requests and content passing through the reverse proxy server makes troubleshooting difficult during production deployments.
• Reverse proxies can add latency to transactions and limit performance by limiting options for load balancing and content delivery.