Unlike “forward proxies” – which act on behalf of clients originating HTTP requests – reverse proxies act on behalf of remote sites, the intended recipients. Generally unknown to the requesting client, a reverse proxy receives requests which are forwarded to an appropriate remote site. The remote site sends requested data back to the reverse proxy, which relays it to the client, thus preventing direct access to the remote site.
Reverse proxies can be used on personal computers with sensitive data stored on the hard drive. But, more commonly, they are employed by large businesses to prevent access to individual computers that contain company resources. And while they’re more costly and complex to set up than other proxies, they provide more IP addresses that can make it well worth the expense.
However your local area network (LAN) is structured, a reverse proxy allows a single record locator or URL to be used to access multiple servers. And it provides web server protection from hackers and malware – a vital security measure for your business data. A reverse proxy can enforce encryption on all web traffic. And, with a Web Application Firewall (WAF), a reverse proxy can recognize and block suspicious activities or attacks. A WAF monitors and filters traffic to and from websites and web applications.
Common Uses and Benefits
A client doesn’t necessarily know where requested content is stored, but a reverse proxy can locate it among servers in the remote network while also protecting the location of the remote site.
Reverse proxying and load-balancing are related functions, and a reverse proxy server can do both. But there are differences. Load-balancing connects with several web servers and maximizes speed by distributing requests among them. This prevents a remote site from being overburdened or underused, and redirects traffic away from sites that go down. Load-balancing helps maintain customer confidence: If one server fails, the requesting client will not see an error message
The reverse proxy function may work with one or more web servers. As the public-facing address, it’s part of the service’s branding. While hiding the server(s) behind it, it’s equipped to defend them in case of attack. And it lets the user scale network size, unseen by the customer.
Reverse proxies can compress data moving in both directions to maintain processing speed. They also cache frequently requested content.
Security and Anonymity
By intercepting requests, reverse proxies can keep the original requesting server and its properties from being detected. Also, a reverse proxy server, along with an application firewall, contributes to defense against security threats such as denial-of-service attacks. And, when needed, a reverse proxy can run interference for malware removal or takedown of illegal web content.
For enhanced communications security, a reverse proxy can assume the bulk of TLS acceleration (TLS is Transport Layer Security), while the servers it protects carry out the less intensive TLS encryption tasks.
As a “front end” for data requests, a reverse proxy pulls data from the web servers behind it. It caches frequently requested items, such as brand images. Caching means fewer requests are relayed to the servers. The reverse proxy can fulfill these data requests directly – a shorter trip back, with faster delivery to the client.
Reverse proxies can be used in services such as Skype to permit access by external subscribers. They enhance performance by providing extra security measures such as shielding internal infrastructure from the web.
On occasion, a web server behind a reverse proxy may lack HTTP authentication. A reverse proxy can supply basic access authentication to the web server.
Reverse Proxy Providers
Storm Proxies provides reverse proxy services including residential rotating proxies and rotating proxies for ticket sites and various social media. The company offers IP rotation of varying duration based on the time commonly required for a given web activity – a new IP for each HTTP request; a “3-minute” IP for brief tasks such as form completion or normal surfing; and a “15-minute” IP for longer tasks. Dedicated data center IPs are also available.
HAProxy (High Availability Proxy)
HAProxy is compatible with HTTP and HTTPS traffic and provides load-balancing in the cloud. It is a very fast and reliable front-end load-balancer. You read more about it and how to use it in Load Balancing with HAProxy.
Known as front-end servers, load-balancer servers direct users to available application servers. They provide controlled monitoring for complex needs for large scale load-balancing.
NGINX Plus and NGINX
NGINX Plus and NGINX provide multiple features for advanced load-balancing and security solutions for high-traffic websites which require reliable content delivered quickly and securely. These features can be added to any application. NGINX Plus is less expensive than similar hardware‑based solutions and can be utilized both in the cloud and in private data centers. You can find many books about Nginx if you want to learn more.
Squid is an open source proxy server available under the GNU General Public License. Widely used in forward proxy implementations, Squid also offers reverse proxy capability. Its website emphasizes the efficiencies achieved by its reverse-proxy acceleration and caching modes. Customers include ISPs, websites, and content delivery providers. There are a few books about Squid proxy if you want to learn more.
Cloudflare offers a reverse proxy service based on its Content Delivery Network (CDN). A CDN is a geographically distributed network of proxy servers that correlates traffic from many different sites. The service provides its own traffic routing system, to avoid the congestion and latency sometimes seen on the public Internet.