What is Reverse Proxy Server
A reverse proxy server is an intermediate connection point positioned at a network’s edge. It receives initial HTTP connection requests, acting like the actual endpoint.
Essentially your network’s traffic cop, the reverse proxy serves as a gateway between users and your application origin server. In so doing it handles all policy management and traffic routing.
A reverse proxy operates by:
- Receiving a user connection request
- Completing a TCP three-way handshake, terminating the initial connection
- Connecting with the origin server and forwarding the original request
Reverse Proxy vs Forward Proxy
In contrast, a forward proxy server is also positioned at your network’s edge, but regulates outbound traffic according to preset policies in shared networks. Additionally, it disguises a client’s IP address and blocks malicious incoming traffic.
Forward proxies are typically used internally by large organizations, such as universities and enterprises, to:
- Block employees from visiting certain websites
- Monitor employee online activity
- Block malicious traffic from reaching an origin server
- Improve the user experience by caching external site content
How CDNs Use Reverse Proxies
Deployed at your network edge, content delivery networks (CDNs) use reverse proxy technology to handle incoming and outgoing traffic. Their benefits include:
Reverse proxies are placed in several geographically dispersed locations, where mirror versions of website pages are compressed and cached. This facilitates rapid content delivery based on client geolocation, helping to reduce page load times and improve your user experience.
Located in front of your backend servers, reverse proxies are ideally situated to scrub all incoming application traffic before it’s sent on to your backend servers.
- DDoS mitigation – Incoming traffic is distributed among a mesh of reverse proxy servers during a DDoS attack to deflate its overall impact.
- Web application security – Reverse proxies are an ideal location to place a web application firewall to weed out malicious packets—including bad bots and hacker requests.
When routing your incoming traffic through a reverse proxy server, connections are first terminated by the proxy and then reopened with the backend server. From your users’ perspective, their requests are resolved via the proxy IP.
As a result, your origin server’s IP address is masked. This makes it considerably more difficult for attackers to gain access and launch direct-to-IP denial of service attacks.
Because reverse proxy server are the gateway between users and your application’s origin server, they’re able to determine where to route individual HTTP sessions. For applications using multiple backend servers, this means the reverse proxy can efficiently distribute the load, thereby improving overall user experience and helping ensure high availability.
In the event that a server goes down, reverse proxies act as a failover solution, rerouting traffic to ensure continued site availability.