You must have heard the term reverse proxy couple of times but wondered what the hack is this. I am going to give some idea about it in this post but before going to reverse proxy i would like to give an idea how forward proxy works.
Forward Proxy: A forward proxy acts as a gateway for a client's browser, sending HTTP requests on the client's behalf to the Internet. The proxy protects your inside network by hiding the actual client's IP address and using its own instead. When an outside HTTP server receives therequest, it sees the requestor's address as originating from the proxy server, not from theactual client. In the organizations you configure this in your browser setttings and most of the things happens behind the scene.
Reverse Proxy: Reverse proxy works when a request is sent to the organization web server from outside. It sits in front of the web server.
It acts as a gateway to an HTTP server or HTTP server farm by acting as the final IP
address for requests from the outside. The firewall works tightly with the Reverse Proxy to help
ensure that only the Reverse Proxy can access the HTTP servers hidden behind it. From the
outside client's point of view, the Reverse Proxy is the actual HTTP server.
Benefits of Reverse Proxy
- Clients now have a single point of access to your HTTP servers.
- You have a single point of control over who can access and to which HTTP servers you allow access.
- Easy replacement of backend servers or host name changes.
- Ability to assimilate various applications running on different Operating Systems behind a single facade.
Downside of Reverse Proxy
- If reverse proxy fails and there is no failover suppored then whole network access goes for a toss.
- If an attacker does compromise Reverse Proxy, the attacker may gain more insight into your
HTTP server architecture; or if the HTTP servers it is hiding are inside the firewall, the attacker might be able to compromise your internal network.
- A lot of translations have to occur for the Reverse Proxy and the
firewall to do its translations, so requests may be fulfilled a little more slowly.
Many web servers plug-ins are available which support the reverse proxy functionality. For example Apache module mod_proxy supports both forward and reverse proxy settings based on requirements.