An Introduction to Proxies: Forward and Reverse Proxies
A proxy, also known as a proxy server, is software that acts as an intermediary between a client and a server on the internet. Without a proxy, a client would send a request for a resource directly to a server, and the server would send the resource directly back to the client. Although this approach is simple to understand and implement, proxies offer benefits in terms of increased performance, privacy, security, and more. As an additional pass-through layer, a proxy acts as a gatekeeper of the Internet between clients and servers.
The Role of Proxy Servers
In general, the combined package of server hardware with proxy software installed is also often referred to as a proxy server. In this article, however, we will focus on proxies, which are traditionally defined as software and in the context of web servers. We will get a breakdown of the two main types, the forward proxy and the reverse proxy. Each type has a different use case that is often confused due to the similar naming conventions.
Understanding Forward Proxies
A forward proxy, also known as an open proxy, acts as a proxy for a client attempting to send a request over the Internet to an origin server. In this scenario, all attempts by the client to send requests are sent to the forward proxy instead. The forward proxy will check the request instead of the client. First, it will determine if this client is authorized to send requests through this particular forward proxy. It will then reject the request or forward it to the origin server. The client has no direct access to the Internet; it can only reach what the forward proxy allows it to.
A common use case for forward proxies is to gain increased privacy or anonymity on the Internet. A forward proxy accesses the Internet instead of a client and can use a different IP address than the client’s original IP address.
Depending on the configuration, a forward proxy can grant a number of functions, including:
- Avoidance of ad tracking.
- Bypassing monitoring.
- Identifying restrictions based on your geolocation.
Forward proxies are also used in systems for centralised security and access control, such as a workstation. If all Internet traffic passes through a common forward proxy layer, an administrator can allow only certain clients to access the Internet through a common firewall. Instead of maintaining firewalls for the client layer, which may include many machines with different environments and users, a firewall can be placed on the forward proxy layer.
Note that forward proxies must be set up manually to be used, while reverse proxies can go unnoticed by the client. Depending on whether a client’s IP address is passed from the forward proxy to the origin server, privacy and anonymity can be granted or remain transparent.
There are several options for forward proxies:
- Apache or Nginx: Two popular open source web servers with forward proxy functionality.
- Squid: An open source forward proxy that uses the HTTP protocol. This option does not include a full web server solution.
- Dante: A forward proxy that uses the SOCKS protocol instead of HTTP, making it more suitable for use cases such as peer-to-peer traffic.
Understanding Reverse Proxies
A reverse proxy acts as a proxy for a web server and processes incoming requests from clients on its behalf. This web server can be a single server or multiple servers and can also be an application server such as Gunicorn. In either case, a request would come in from a client over the Internet. Normally, this request would go directly to the web server that provides the resources that the client is requesting. Instead, a reverse proxy acts as an intermediary and isolates the web server from direct interactions with the open Internet.
From the client’s perspective, interacting with a reverse proxy is no different from interacting with the web server directly. It is functionally the same, and the client cannot tell the difference. The client requests and receives a resource without requiring any additional configuration.
Reverse proxies provide features such as:
- Centralised security for the web server layer.
- Direction of incoming traffic based on configurable rules.
- Additional functionality for caching.
While centralised security is an advantage of both forward and reverse proxies, a reverse proxy provides this at the web server level rather than the client level. Instead of focusing on maintaining firewalls at the web server level, which may contain multiple servers with different configurations, the majority of firewall security can be focused on the reverse proxy level. It also allows the responsibility for interacting with a firewall and interacting with client requests to be removed from the web servers, allowing them to focus solely on provisioning resources.
With multiple servers existing behind a reverse proxy, the reverse proxy also handles the routing of requests to specific servers. Multiple web servers can provide the same resource, provide different types of resources, or be a combination of both. These servers may use the HTTP protocol as the conventional web server, but may also include application server protocols such as FastCGI. You can configure a reverse proxy to route clients to specific servers depending on the resource requested or to follow specific traffic volume rules.
Reverse proxies can also benefit from their position in front of the web servers by providing caching capabilities. Large static resources can be configured with caching rules to avoid accessing the web servers for every request. Some solutions even provide the ability to serve static resources directly without even touching the web server. In addition, the reverse proxy can handle the compression of these resources.
The popular Nginx web server is also a popular solution for reverse proxies. While the Apache web server also has a reverse proxy feature, it is an additional feature for Apache, while Nginx is originally designed for and focused on reverse proxy functionality.
Differentiating the Use Cases
Because “forward” and “reverse” have connotations of direction and misleading comparisons with “inbound” and “outbound” traffic, these terms can be confusing because both types of proxies handle requests and responses. Instead, it is better to distinguish between forward and reverse proxies based on the requirements of the application you are developing.
A reverse proxy is useful if you are creating a solution for deploying web applications on the Internet. They represent your web servers in any interaction with the Internet.
A forward proxy is useful when placed in front of client traffic for your personal use or in a work environment. They represent your client traffic in any interaction with the Internet.
Differentiating by use case instead of similar naming conventions helps you avoid confusion – An Introduction to Proxies