Archive | July, 2015

Forward Proxy vs. Reverse Proxy

Forward Proxy

A forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the web server, the client sends a request to the proxy server naming the web server as the target. The proxy then requests the content from the web server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall or to explicitly block certain websites. The forward proxy can also use caching to reduce network usage for frequently accessed resources.

To explain the forward proxy further, using the following setup:

  • X = User computer on the company network
  • Y = The company proxy server  e.g. proxy.mycompany.com
  • Z = Web site that the user wants to visit, e.g. www.thebestwebsiteonthewholeinternet.com

Typically, X would connect directly to the website Z (i.e. X–>Z). Once a forward proxy is configured, X would have to go through Y  to access the website Z (i.e. X–>Y–>Z)

Reverse Proxy

A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the namespace of the reverse proxy. The reverse proxy then decides where to send those requests and returns the content as if it were itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

To explain the reverse proxy further, using the following setup:

  • X = User computer on the Internet
  • Y = The company proxy server  e.g. proxy.mycompany.com
  • Z = Web site that the user wants to visit that is hosted by the company, e.g. www.thebestwebsiteonthewholeinternet.com

Typically, X would connect directly to the website Z (i.e. X–>Z). However, there may be reasons to prevent direct access to Z. Once a reverse proxy is configured, X would have to go through Y to access the website Z (i.e. X–>Y–>Z). Unlike a forward proxy configuration, the user X does not know he is accessing the website on a server Z, because the user X only sees he is communicating with a server Y. The server Z is invisible to clients and only the proxy server Y is visible externally. Furthermore, a reverse proxy requires no explicit proxy configuration on the user computer side. The user computer X thinks it is only communicating with Y (i.e. X –> Y) , but the reality is that Y is sending all communication to Z. (i.e. X–>Y–>Z).

Source/Further Reading: 

Apache Documentation on Forward Proxy and Reverse Proxy Configuration

Difference between Forward Proxy Server and Reverse Proxy Server