What is a Reverse Proxy Server?
1 - Definition
A reverse proxy is a proxy server that accepts requests from clients on behalf of one or more servers placed behind it and retrieves data on behalf of external clients. All resources are routed to the client as if they produced from the proxy.
2 - What's the difference between a reverse proxy and forward proxy?
Some people thinks that is like a proxy who can unblock sites to you, this is not. Don't confuse between the reverse proxy and forward proxy.
Forward proxy :
Forward proxy retrieves data from another web site on behalf of clients. For example, you want to connect to a web site "X", normally, you would connect directly from your computer to "X". In some cases you have to connect to "X" via a forward proxy browser "Y" (ex: TiFree)
Reasons why you would want to use a forward proxy "Y":
|
|
Reverse proxy :
For this example, you would connect directly from your computer to a web site "X".
However, in some cases, the administrator of "X" decided that it's better for him to restrict direct access, and force visitors to go through "Z". So, we have contents being retrieved by a reverse proxy "Z" from "X" on behalf of you. In this case you think you are visiting "X" directly, you don't know you are accessing "Z".
A reverse proxy does not require a configuration from visitors.
Why "X" wants to install a reverse proxy server?
However, in some cases, the administrator of "X" decided that it's better for him to restrict direct access, and force visitors to go through "Z". So, we have contents being retrieved by a reverse proxy "Z" from "X" on behalf of you. In this case you think you are visiting "X" directly, you don't know you are accessing "Z".
A reverse proxy does not require a configuration from visitors.
Why "X" wants to install a reverse proxy server?
- "X" wants to force all visitors to pass via "Z" first because millions of people want to see its website, but a single web server cannot treat all requests. so "X" installs many servers and sets up a reverse proxy and that will send visitors to an available server. This is part of the CDN concept work.
- The owner of "X" wants to protect the server content from reprisal attacks, so he must not expose the main server for public access. Abuse attacks and spams will only shut down the public servers, not the main server.
3 - Benefits of a Reverse Proxy:
- SSL acceleration hardware: it takes SSL encryption tasks to unload the web server.
- Load Balancing: for high availability the reverse proxy uses different methods to reduce the load on the origin server. (ex: Caching)
- Content Compression: Reverse proxy can compress data for accelerating loading.
- Protection for the main server from attacks: you can move DMZ-based file transfer servers to the internal network.
- Transparence Maitenance: if you switch off one of your servers for maintenance, your end users won't remark it.