• F5 Reverse Proxy
• Nginx Proxy And Reverse Proxy

In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself.^[1] Unlike a forward proxy, which is an intermediary for its associated clients to contact any server, a reverse proxy is an intermediary for its associated servers to be contacted by any client. In other words, a proxy acts on behalf of the client(s), while a reverse-proxy acts on behalf of the server(s).

Quite often, popular web servers use reverse-proxying functionality, shielding application frameworks of weaker HTTP capabilities.

Jun 05, 2019  What is a reverse proxy. Reverse proxies control access to a server on private networks. A reverse proxy can perform authentication tasks, as well as cache or decrypt data. Although many sites claim that reverse proxies perform load-balancing, they are not load-balancers. In essence, a reverse proxy is a gateway to a server or group of servers.

Uses of reverse proxies[edit]

• Reverse proxies can hide the existence and characteristics of an origin server or servers.
• Application firewall features can protect against common web-based attacks, like a Denial-of-service attack (DoS) or distributed denial-of-service attacks (DDoS). Without a reverse proxy, removing malware or initiating takedowns, for example, can become difficult.
• In the case of secure websites, a web server may not perform TLSencryption itself, but instead offloads the task to a reverse proxy that may be equipped with TLS acceleration hardware. (See TLS termination proxy.)
• A reverse proxy can distribute the load from incoming requests to several servers, with each server serving its own application area. In the case of reverse proxying in the neighbourhood of web servers, the reverse proxy may have to rewrite the URL in each incoming request in order to match the relevant internal location of the requested resource.
• A reverse proxy can reduce load on its origin servers by cachingstatic content, as well as dynamic content - synonym: web acceleration. Proxy caches of this sort can often satisfy a considerable number of website requests, greatly reducing the load on the origin server(s).
• A reverse proxy can optimize content by compressing it in order to speed up loading times.
• In a technique named 'spoon-feed'^[2] a dynamically generated page can be produced all at once and served to the reverse-proxy, which can then return it to the client a little bit at a time. The program that generates the page need not remain open, thus releasing server resources during the possibly extended time the client requires to complete the transfer.
• Reverse proxies can operate wherever multiple web-servers must be accessible via a single public IP address. The web servers listen on different ports in the same machine, with the same local IP address or, possibly, on different machines and different local IP addresses altogether. The reverse proxy analyzes each incoming request and delivers it to the right server within the local area network.
• Reverse proxies can perform A/B testing and multivariate testing without placing JavaScript tags or code into pages.
• A reverse proxy can add basic HTTP access authentication to a web server that does not have any authentication.^[3]

See also[edit]

References[edit]

1. ^'Forward and reverse proxies'. The Apache Software Foundation. Retrieved 26 August 2018.
2. ^'squid-cache wiki entry on 'SpoonFeeding''. Francesco Chemolli. Retrieved 9 February 2011.
3. ^'Possible to add basic HTTP access authentication via HAProxy?'. serverfault.com.

What is the difference between proxy server and reverse proxy server?

21 Answers

The previous answers were accurate, but perhaps too terse.I will try to add some examples.

First of all, the word 'proxy' describes someone or something acting on behalf of someone else.

In the computer realm, we are talking about one server acting on the behalf of another computer.

For the purposes of accessibility, I will limit my discussion to web proxies - however, the idea of a proxy is not limited to websites.

Most discussion of web proxies refers to the type of proxy known as a 'forward proxy.'

Gta3 colombian gang car. The proxy event, in this case, is that the 'forward proxy' retrieves data from another web site on behalf of the original requestee.

A tale of 3 computers (part I)

For an example, I will list three computers connected to the internet.

• X = your computer, or 'client' computer on the internet
• Y = the proxy web site, proxy.example.org
• Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for Y --> Z on behalf of X,which chains as follows: X --> Y --> Z.

Reasons why X would want to use a forward proxy server:

Here is a (very) partial list of uses of a forward proxy server.

• 1) X is unable to access Z directlybecause

  • a) Someone with administrative authority over X's internet connection has decided to block all access to site Z.

    • Examples:

      • The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.

      • Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours.

      • A local elementary school disallows internet access to the playboy.com website.

      • A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet.

  • b) The administrator of Z has blocked X.

    • Examples:

      • The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange).

      • Z is a forum website. X is spamming the forum. Z blocks X.

A tale of 3 computers (part II)

For this example, I will list three computers connected to the internet.

• X = your computer, or 'client' computer on the internet
• Y = the reverse proxy web site, proxy.example.com
• Z = the web site you want to visit, www.example.net

Normally, one would connect directly from X --> Z.

However, in some scenarios, it is better for the administrator of Z to restrict or disallow direct access and force visitors to go through Y first.So, as before, we have data being retrieved by Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.

What is different this time compared to a 'forward proxy,' is that this time the user X does not know he is accessing Z, because the user X only sees he is communicating with Y.
The server Z is invisible to clients and only the reverse proxy Y is visible externally. A reverse proxy requires no (proxy) configuration on the client side.

The client X thinks he is only communicating with Y (X --> Y), but the reality is that Y forwarding all communication (X --> Y --> Z again).

Reasons why Z would want to set up a reverse proxy server:

• 1) Z wants to force all traffic to its web site to pass through Y first.
  • a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works.
    • Examples:
      • Apple Trailers uses Akamai
      • Jquery.com hosts its javascript files using CloudFront CDN (sample).
      • etc.
• 2) The administrator of Z is worried about retaliation for content hosted on the server and does not want to expose the main server directly to the public.
  • a) Owners of Spam brands such as 'Canadian Pharmacy' appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server.

In the above scenarios, Z has the ability to choose Y.

Content Delivery Network

• Lists of CDNs

forward proxy software (server side)

• phproxy (discontinued)
• squid (apparently, can also work as a reverse proxy)

reverse proxy software for HTTP (server side)

• apache mod_proxy (can also work as a forward proxy for HTTP)
• nginx (used on hulu.com, spam sites, etc.)
• perlbal (written for livejournal)
• varnish cache (written by a freebsd kernel guru)

reverse proxy software for TCP (server side)

• pure load balancer (web site defunct)

see also:

A pair of simple definition would be

Forward Proxy: Acting on behalf of a requestor (or service consumer)

Reverse Proxy: Acting on behalf of service/content producer.

I found this diagram to be very helpful. It just shows the architecture of a forward vs reverse proxy setup from client to server over the Internet. This image will help you to understand qyb2zm302's post and other posts better.

You can also watch this video from F5's DevCentral by Peter Silva.

Picture Source: Quora. All credits to the person who created this diagram.

It reminded me of the classic proverb:

A picture is worth 1000 words.

qyb2zm302's answer nicely details applications of proxies but slips up on the fundamental concept between forward and reverse proxies. For the reverse proxy, X -> Y -> Z, X knows about Y and not Z, rather than vice versa.

http://www.jscape.com/blog/bid/87783/Forward-Proxy-vs-Reverse-Proxy explains the difference between forward and reverse proxies very clearly.

A proxy is simply a middleman for communication(requests+responses). Client <-> Proxy <-> Server

• Client proxy: ( Client <-> Proxy ) <-> Server

  The proxy acts on behalf of the client. Client knows about all 3machines involved in chain. Server doesn't.

• Server proxy: Client <->( Proxy <-> Server )

  The proxy acts on behalf of the server. Client only knows about proxy. Server knows whole chain.

Seems to me that forward and reverse are simply confusing, perspective-dependent names for client and server proxy. I suggest abandoning the former for the latter, for explicit communication.

Of course, to further complicate the matter, not every machine is exclusively a client or a server. If there is an ambiguity in context, it's best to explicitly specify where the proxy lies, and the communications that it tunnels.

Some diagrams might help:

Forward proxy

Reverse proxy

The difference is primarily in deployment. Web forward and reverse proxies all have the same underlying features, they accept requests for HTTP requests in various formats and provide a response, usually by accessing the origin or contact server.

Fully featured servers usually have access control, caching, and some link-mapping features.

A forward proxy is a proxy that is accessed by configuring the client machine. The client needs protocol support for proxy features (redirection, proxy auth, etc.). The proxy is transparent to the user experience, but not to the application.

A reverse proxy is a proxy that is deployed as a web server and behaves like a web server, with the exception that instead of locally composing the content from programs and disk, it forwards the request to an origin server. From the client perspective it IS a web server, so the user experience is completely transparent.

In fact, a single proxy instance can run as a forward and reverse proxy at the same time for different client populations.

That's the short version, I can clarify if people want to comment.

Proxy : It is making the request on behalf of the client. So, the server will return the response to the proxy and the proxy will forward the response to the client. In fact, the server will never 'learn' who the client was (client's IP), it will only know the proxy. However, the client definitely knows the server, since it essentially formats the HTTP request destined for the server, but it just hands it to the proxy.

Reverse Proxy : It is receiving the request on behalf of the server. It forwards the request to the server, receives the response and then returns the response to the client. In this case, the client will never 'learn' who was the actual server (server's IP) (with some exceptions), it will only know the proxy. The server will or won't know the actual client, depending on the configurations of the reverse proxy.

Best explanation here with diagrams:

While a forward proxy proxies in behalf of clients ( or requesting hosts ), a reverse proxy proxies in behalf of servers

In effect, whereas a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers

A proxy server proxies (and optionally caches) outgoing network requests to various not-necessarily-related public resources across the Internet. A reverse proxy captures (and optionally caches) incoming requests from the Internet and distributes them to various internal private resources, usually for High Availability purposes.

Cloudflare has a great article with images explaining this in details.

Check here: https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/

Proxy (Forward Proxy):When computers on your LAN connect to a proxy server that accesses the internet. Benefits include, only the server being exposed to the internet. People on the outside are unable to access the computers directly.Forward proxies can improve internet access for users by caching downloads. They can also be used to restrict access to certain sites. Also, only the proxy server would need a public address, not the clients connecting to it.

Reverse Proxy:A reverse proxy is the opposite of a forward proxy. Instead it acts as a proxy on behalf of the servers being connected to. Instead of accessing a remote server directly, a user would go through the reverse proxy and get directed to the appropriate server from there. Only the reverse proxy would need an SSL certificate, only one public IP address would be needed and it can handle load balancing of incoming requests to enhance the overall user experience.

Image Source: docs.microsoft.com

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers, or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

for more info visit : Apache Docs

This is a great read to understand the differences between a Forward and Reverse PROXYhttp://www.jscape.com/blog/bid/87783/Forward-Proxy-vs-Reverse-Proxy

A forward proxy hides the identities of clients(users) whereas a reverse proxy hides the identities of your servers.

F5 Reverse Proxy

Although my understanding from an apache perspective is that Proxy means that if site x proxies for site y, then requests for x return y.

The reverse proxy means that the response from y is adjusted so that all references to y become x.

So that the user cannot tell that a proxy is involved..

Nginx Proxy And Reverse Proxy

As per my understanding.....

To start with, as everyone knows proxy means 'The authority to represent someone else'.Now there are two things Forward and Reverse proxy.

FORWARD PROXYSuppose you want to access 'google' and 'google' in turn will have n number of servers to respond to that particular request.

Now in this case while you are requesting for something from google and you don’t want google to see your IP address then you will use a forward proxy, as explained below.

A----->B----->C

Now here you are A sending a request through B, So C will think that the request is coming from B, not A. In this way you can prevent your clients IP not to be exposed to outer world.

REVERSE PROXY.Now in this case, to make you understand we will take the same case of forward proxy. Here you have requested for something to google which in turn going to send the one request to the app server or another proxy server to get the response. So these things will happen as explained below.

A----->B----->C

A<-----B<-----CFrom the above diagram you can see that a request has been sent to C from B not from A.Then from C there will be one Request send to D. Similarly the response will go to C from D and then to B and A.

The above diagram says its only the context which matters although both the proxies are acting the same way but client side proxy is hiding client information whereas server side proxy will hide server side information.

Please comment if you feel the above explanation is wrong.

Forward proxies grant the client anonymity (i.e, think Tor).

Reverse proxies grant back end servers anonymity (i.e, think servers behind a DMZ).

Heres an example of a reverse proxy (as a load balancer).

A client surfs to website.com and the server it hits has a reverse proxy running on it. The reverse proxy happens to be pound. Pound takes the request and sends it to one of the three application servers sitting behind it. In this example Pound is a load balancer. ie. it is balancing load between three application servers.The application servers serve up the website content back to the client.

Forward Proxy serves Users: help Users access the Server.

Reverse Proxy serves Server: protect Server from Users.

if no proxyto see from client side and server side are the same:Client -> Serverproxyfrom client side:Client -> proxy -> Serverfrom Server side:Client -> Serverreverse proxyfrom client side:Client -> Server from Server side:Client -> proxy -> Server

So I think if it set up by Client user，it called proxy；if it set up by Server manager it is reverse proxy.

Because the purposes and reasons for setting it up are different, they deal with data in different ways and use different software.

Looking from the perspective of the user, when sending a request to a proxy or reverse proxy server:

• proxy - requires two arguments:
  1) what to get and 2) which proxy server to use an intermediate
  

• reverse proxy - requires one argument:
  1.) what to get

  reverse proxy fetches contents from another server unbeknowst to user and returns result as if it originated from reverse proxy server

Most of the above answers are good but in my opinion none comes very close to addressing well enough the 'reverse' quality that differentiates the two. To do that some way of visualizing the 'reverse' nature of what is essentially the same thing (a proxy) needs to be given and it needs to be given in a well abstracted way.

A Proxy (implicitly 'forward proxy') connects multiple local clients to any one remote server:

A Reverse Proxy connects multiple local servers to any one remote client (notice how the layout reverses):

It is a matter of perspective really and properly understanding the concept requires abstracting away non-essential (to the particular concept) details though they may be very important when it comes to the pragmatics of proxy operation. Such details include the fact that in both scenarios the reality is that multiple clients connect to multiple servers, that clients and servers may not really be local or remote, where the Internet cloud is located or what kind of visibility exists between client and server.

protected by Community♦Jan 11 '13 at 18:28

Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?