Reverse proxy

A proxy server connecting the Internet to an internal network.
Example scenario: A client on the Internet (cloud on the left) makes a request to a reverse proxy server (red oval in the middle). The proxy inspects the request, determines that it is valid and that it does not have the requested resource in its own cache. It then forwards the request to some internal web server (oval on the right). The internal server delivers the requested resource back to the proxy, which in turn delivers it to the client. The client on the Internet is unaware of the internal network, and cannot tell whether it is communicating with a proxy or directly with a web server.

In computer networks, a reverse proxy or surrogate server is a proxy server that appears to any client to be an ordinary web server, but in reality merely acts as an intermediary that forwards the client's requests to one or more ordinary web servers.[1][2] Reverse proxies help increase scalability, performance, resilience, and security, but they also carry a number of risks.

Companies that run web servers often set up reverse proxies to facilitate the communication between an Internet user's browser and the web servers. An important advantage of doing so is that the web servers can be hidden behind a firewall on a company-internal network, and only the reverse proxy needs to be directly exposed to the Internet. Reverse proxy servers are implemented in popular open-source web servers, such as Apache, Nginx, and Caddy. Dedicated reverse proxy servers, such as the open source software HAProxy and Squid, are used by some of the biggest websites on the Internet.

A reverse proxy can track all IP addresses making requests through it and it can also read and modify any non-encrypted traffic and risks logging passwords or injecting malware if compromised by a malicious party.

Reverse proxies differ from forward proxies, which are used when the client is restricted to a private, internal network and asks a forward proxy to retrieve resources from the public Internet.

  1. ^ "Forward and reverse proxies". The Apache Software Foundation. Archived from the original on 28 August 2018. Retrieved 26 August 2018.
  2. ^ Reese, Will (September 2008). "Nginx: the high-performance web server and reverse proxy". Linux Journal (173).