What is Reverse Proxy?
Reverse Proxy is a server that is positioned in front of webservers.
As a cybersecurity professional, you would place a reverse proxy typically behind the firewall in your private network and it would direct client requests to the appropriate backend server. And in this position, your reverse proxy is able to intercept your users' requests and then it would forward them to the intended 'Origin' webserver.
When the origin server sends a reply, the reverse proxy takes that reply and sends it on to the user. In this way, a reverse proxy serves as a 'middleman' between users and the sites they are visiting.
A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and your servers. Your organization can use a reverse proxy to enact load balancing, as well as shield your users from undesirable content and outcomes. Therefore, a reverse proxy can be an integral part of your company’s security posture and makes your company’s network more stable and reliable.
Reverse Proxy Vs. Forward Proxy
While a reverse proxy sits in front of your web-servers, a forward proxy sits in front of clients. A client typically refers to any application. Given the context of proxy servers, this application more-often is a web-browser.
Let us recap...
With a forward proxy, the proxy is positioned in front of the 'client,' protecting it and its user. With a reverse proxy, the proxy sits in front of the 'origin' server.
This may seem like the same thing because both proxies are in between the client and the origin server. However, there are some important differences:
With a forward proxy, you make sure that 'NO ORIGIN SEVER' ever have the ability to directly communicate with the client. That means that, regardless of the website(s), it can never send any data directly to the client.
On the other hand, with a reverse proxy, the proxy, positioned in front of the origin server, makes sure that 'NO CLIENT,' regardless of where it is or who owns it, has the ability to communicate with the origin server.
It is similar to having a bodyguard that also passes messages to the person they are working for. A forward proxy is like a bodyguard that passes messages to the client, while a reverse proxy is like a bodyguard that passes messages to the origin server. A forward proxy is solely focused on vetting messages for the client. A reverse proxy is solely focused on vetting messages for the origin server. Even though they are both positioned between the client and the origin server, they perform very different jobs.
I hope that distinction between them is clear now...
-
Major Advantages of Reverse Proxy
1. Load Balancing
A reverse proxy server can act as a TRAFFIC COP sitting in front of your backend servers. They can decide where and how they route HTTP-sessions. You can use it to distribute client-requests across a group of servers in a manner that maximizes speed and capacity utilization, while ensuring no one server is overloaded, which can degrade performance.
This may be particularly helpful during busier times of the year when a large amount of HTTP sessions attempt to interact with your origin server all at the same time. As the reverse proxy balances the load of the work that has to be performed, it eases the burden on your network.
If a server goes down, the load-balancer would conveniently redirect traffic to your remaining online servers.
2. Web Acceleration
Reverse proxies can compress inbound- and outbound- data, as well as cache commonly requested content. Both of these features would speed up the flow of traffic between clients and your servers.
3. Security and Anonymity
By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and thus it acts as an additional DEFENSE against security-attacks.
It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.
With a reverse proxy, you can hide your origin server’s IP address. If a hacker knows the IP address of your origin server, they have already checked one very big item off their attack-checklist.
Having a reverse proxy, is helping you prevent threat-actors from directly targeting your origin server using its IP address because they do not know what it is. Also, because a reverse proxy is positioned in front of your origin server, any communication coming from the outside has to go through the reverse proxy first.
Therefore, threats like DDoS attacks are harder to execute because you can set up your reverse proxy to detect these kinds of attacks. You can also use it to detect malware attacks. It can identify malicious content within the request coming from the client. Once harmful content has been spotted, the reverse proxy can drop the server’s request. Consequently, the dangerous data does not even reach your origin server.
4. Global Server Load Balancing (GSLB)
GSLB is a sort of load balancing that is distributed around the world by way of a reverse proxy. With GSLB, the requests going to a website can be distributed using the geographic locations of the clients trying to access it.
For example, if a user of Facebook from Singapore, is accessing the website of Facebook. Then the USA servers of Facebook need not to respond to it. Instead, the request would be forwarded to nearest webserver, for example to a webserver in Australia, or may be in India.
As a result, requests do not have to travel as far. For the end-user, this means the content they have requested is able to load faster.
5. Caching
Your backend servers are supposed to the heavy-lifting of caching for your website. However, you can shift a large part of this caching to your Reverse Proxy. It will deliver faster response-time and efficient performance of website(s).
6. SSL Encryption
Encrypting and decrypting SSL (or TLS) communications for each client can be computationally expensive for an origin server. You can configure your reverse proxy to decrypt all incoming requests and encrypt all outgoing responses, freeing up valuable resources on the origin server.
7. Excellent LIVE Monitoring/Logging Capabilities
No doubt, your webservers are to log everything, every request and response. If you see closely, then you can realize that all the requests are being passed through your 'Reverse Proxy', that makes them excellent candidate for LIVE Active monitoring of all to/from traffic.
It would enable your IT team to carefully analyze-- where requests are coming from and how your origin server is responding to them.
With this information, you can see how your site addresses different requests. You can then use that insight to make any adjustments to optimize your site’s performance.
For example, suppose you have an e-Commerce website, and it gets a lot of hits during a certain holiday. You are concerned that it may not be able to manage all the requests efficiently enough, thereby negatively affecting the end user’s purchasing or shopping experience...
With a reverse proxy, you can deduce performance statistics according to date and time, and see whether your site’s infrastructure is up to the task. You would them make adjustments accordingly, via writing some rules.
-
Kindly write 
your comment on the posts or topics, because when you do that you help me greatly in 
designing new quality article/post on cybersecurity.
your comment on the posts or topics, because when you do that you help me greatly in designing new quality article/post on cybersecurity.You can also share with all of us if the information shared here helps you in some manner.
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
_______
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM