Let's start with college life, to create an understanding via an analogy.
Did you ever ask your friends to mark proxy attendance for you when you were bunking lectures, or do the same on a friend's behalf?
The same concept lies behind proxy servers: serving on behalf of other servers.
Now there are two types of proxy servers: the Forward Proxy Server and the Reverse Proxy Server. When we normally talk of a proxy server, we refer to a Forward Proxy Server. So the other one is exclusively called a Reverse Proxy Server.
Let's start our discussion with the Reverse Proxy Server.
What is a Reverse Proxy server?
A Reverse Proxy server is a web server alias that sits between the Client/Internet (from where the web page requests arrive) and the actual web server (the origin server, which holds the web page content to be served to users). The reverse proxy server accepts the web page requests, sends them to the origin server (if that content has not been cached by the reverse proxy server), gets the web page/output and sends it back to the client.
There are several reasons why a reverse proxy might be required on a network. First, only the IP address of the reverse proxy server is advertised to the external world. That makes it easier to make any changes to the origin server(s) behind it – like adding more servers and removing some of them, without having to advertise new IP addresses every time.
One of the biggest advantages of this architecture is the possibility of load-balancing among the various origin servers. Web servers might expect a huge amount of traffic, and in most cases one web server may not be able to cater to a huge number of clients. In such situations, the reverse proxy server could evenly distribute the requests to multiple origin servers, so that each of them handles only a share of the requests and congestion is avoided.
Reverse Proxies also enable web server redundancy through fail-over capabilities. If one of the origin servers goes down, the web page requests could still be handled by the other servers. Reverse proxies can detect when a server is down and not send requests to it till it is up once again.
Reverse proxy servers can cache frequently requested content (both static pages and dynamic pages, to an extent). This enables reverse proxies to serve that content to the clients directly by themselves, thereby saving processing resources of the origin servers. They can even do SSL encryption with SSL acceleration hardware (if available) on behalf of the web servers, so that this process-intensive function is offloaded from the origin servers.
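The load-balancing, fail-over and caching behaviour described above, modelled in Python as an added example (not code from the original article). The class ReverseProxy, the origin names app1 to app3 and the 30-second retry window are assumptions chosen for illustration; the origins are constructed in-memory stand-ins, not real web servers.

```python
import itertools
import time


class OriginDown(Exception):
    """Raised by a constructed origin to simulate a failed server."""


class ReverseProxy:
    def __init__(self, origins, retry_after=30.0, clock=time.monotonic):
        self.origins = origins            # name -> callable(path) returning a body
        self.retry_after = retry_after    # seconds a failed origin stays out of rotation
        self.clock = clock
        self.down_until = {}              # name -> time at which it may be tried again
        self.cache = {}                   # path -> cached body
        self._ring = itertools.cycle(list(origins))

    def _healthy(self, name):
        return self.clock() >= self.down_until.get(name, float("-inf"))

    def handle(self, path):
        """Return (body, served_by). served_by is for inspection only;
        a real client sees just the body and the proxy's own address."""
        if path in self.cache:
            return self.cache[path], "cache"   # origin servers are not contacted
        # Round-robin: try each origin at most once per request.
        for _ in range(len(self.origins)):
            name = next(self._ring)
            if not self._healthy(name):
                continue
            try:
                body = self.origins[name](path)
            except OriginDown:
                # Fail over: skip this origin until the retry window has passed.
                self.down_until[name] = self.clock() + self.retry_after
                continue
            self.cache[path] = body
            return body, name
        raise RuntimeError("502: no origin server available")


def make_origin(name, alive):
    """Constructed origin: answers while alive[name] is True."""
    def origin(path):
        if not alive[name]:
            raise OriginDown(name)
        return f"<html>{path}</html>"
    return origin


if __name__ == "__main__":
    alive = {"app1": True, "app2": False, "app3": True}
    proxy = ReverseProxy({n: make_origin(n, alive) for n in alive})
    for p in ["/a", "/b", "/c", "/a"]:
        print(p, "->", proxy.handle(p)[1])
```
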
Reverse proxy servers increase security, as no one has direct access to the origin servers and they can be reached only through the reverse proxy server. Besides, these application servers can be further secured by the use of additional firewalls with rules specific to securing them or, more effectively, by using specialized Web Application Firewalls.
But there are certain limitations to reverse proxy servers too. Since reverse proxy servers offer a single point of contact for all the clients, the web service would be terminated if they are down. So, redundant reverse proxy servers are recommended.
Also, if the reverse proxy server is hacked, a considerable amount of information about the application servers might be exposed. So, the security of reverse proxy servers is crucial. Besides, there is a chance that the reverse proxy itself might be exposed to more requests than it can handle, especially if it is doing additional functions like SSL encryption, which might cause some delays.
A reverse proxy is sometimes called SERVER ACCELERATOR because its caching function can improve overall performance.
It also makes the internal network more secure as it hides the details from external clients.
It can also perform load-balancing by distributing requests to several similar servers.
Another question arises: what is the difference between a Forward Proxy Server and a Reverse Proxy Server?
A pair of simple definitions would be:
Forward Proxy: Acting on behalf of a requestor (or service consumer). Used to hide the details of the clients from the origin servers. To better understand with an example, a forward proxy is used to provide internet access to a number of users. The forward proxy can access the internet. This way only the proxy server is exposed to the internet, thus securing the users, who do not connect to the internet directly.
Reverse Proxy: Acting on behalf of the service/content producer. Generally hides the details of the origin server.
This applies to requests (HTTP/FTP/HTTPS) that originate from outside of the network and come into the intranet. For example, e-mail messages. An email will originate somewhere outside of an enterprise’s LAN, pass over the Internet and enter the company’s LAN before it is delivered to the recipient.