Reverse Proxy Server

<< Back to Technical Glossary

Reverse Proxy Server Definition

Reverse Proxy Server, sometimes also called a reverse proxy web server, often a feature of a load balancing solution, stands between web servers and users, similar to a forward proxy. However, unlike the forward proxy which sits in front of users, guarding their privacy, the reverse proxy sits in front of web servers, and intercepts requests. A reverse proxy server acts like a middleman, communicating with the users so the users never interact directly with the origin servers. It also balances client requests based on location and demand, and offers additional security.

Diagram depicts the architecture of a load balancing solution with reverse proxy web server feature that helps balance client requests and maintain security.

FAQs

Here are a few frequently asked questions about reverse proxy servers:

Reverse Proxy Server vs Proxy Server

The simple difference between a forward proxy server and a reverse proxy server is a forward proxy sits in front of users. It stops origin servers from directly communicating with that user.

The reverse proxy server comparison is that by sitting in front of the web server, it prevents users from directly communicating with the server.

What Does a Reverse Proxy Server Do?

A reverse proxy ultimately forwards user/web browser requests to web servers. However, the reverse proxy server protects the web server’s identity. This type of proxy server also moves requests strategically on behalf of web servers, typically to help increase performance, security, and reliability.

What are some Common Uses for Reverse Proxy Servers?

A common reverse proxy server example happens when a company has a large e-commerce website. It can’t handle its incoming traffic with just one server, so it uses a reverse proxy server to direct requests from its users to an available server within the pool. There are various methods to direct this traffic, such as round robin load balancing.

Another great use is to cloak a site’s main server because they are concerned about protecting the server from malicious attacks by users. Such a site can appear to be hosted among many servers, and typically only public-facing servers do go down, protecting the backend server.

What are the Benefits of a Reverse Proxy Server?

Benefits of reverse proxy servers include:

  • load balancing
  • global server load balancing (GSLB)
  • caching content and web acceleration for improved performance
  • more efficient and secure SSL encryption, and
  • protection from DDoS attacks and related security issues.

For many sites, but especially for high-volume websites, a single origin server will not be sufficient to handle all inbound site traffic. A reverse proxy server can handle numerous requests for the same site, distributing them to different servers in an available pool.

This more evenly distributes inbound traffic, or balances the load among multiple servers, so no one web server will become overloaded. Should a single server completely fail, the reverse proxy server can redirect the other servers to manage the traffic.

Global Server Load Balancing (GSLB) is load balancing distributed around the world by a reverse proxy. With this kind of load balancing, requests to a website can be distributed locally. This shortens the distances and times that requests and responses need to travel, in turn reducing load times.

Similarly, a reverse proxy cache server can enhance performance by caching local content. This kind of caching improves speed and user experience, especially for sites that feature dynamic content.

Businesses can also save money using a reverse proxy server to encrypt all outgoing responses and decrypt all incoming requests. By handling all communications this way via reverse proxy, the company avoids the much higher cost of encrypting and decrypting SSL communications between clients and servers on the main production server.

Likewise, a reverse proxy server offers protection from attacks. This is because no service or site need ever reveal its web server’s IP address with a reverse proxy in place, and because reverse proxies offer a traffic scrubbing effect.

Protecting the server’s IP address means attackers can only target the reverse proxy, rendering DDoS and related attacks much more difficult. It also scrubs all incoming traffic, distributing all requests from the internet among a secure group of servers during a DDoS attack to mitigate against its overall impact.

Reverse proxies are well-suited to battling cyber attacks, capable of hosting web application firewalls and other tools for shutting out malware such as hacker requests and bad bots.

Is There a List of Reverse Proxy Servers?

Not really. There are open source reverse proxy servers, reverse proxy service appliances and other hardware, reverse proxy server software and SaaS businesses—there are many options out there.

Proxy vs Reverse Proxy

The key difference between proxy (forward proxy) and reverse proxy is forward proxy provides proxy services to a client or a group of clients belonging to a common internal network. When one of these clients makes a connection attempt to a server on the internet, its requests have to pass through the forward proxy first which dictates whether that request is allowed or denied.

A reverse proxy proxies on behalf of servers instead of on behalf of clients. A reverse proxy accepts requests from external clients on behalf of servers stationed behind it. Additionally, a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers.

How to Setup a Reverse Proxy Server?

Some businesses design and construct their own reverse proxy servers. This demands intensive hardware and software engineering resources, along with a major investment into physical hardware. A far simpler and less costly way to gain the associated benefits is by using a service.

How does Avi Networks help with Reverse Proxy Server Security?

Reverse proxy server security is just one part of the cloud-native, elastic load balancing solution VMware NSX Advanced Load Balancer (by Avi Networks) delivers. There’s no reason to reinvent the wheel or duplicate your efforts.
With the Avi Vantage Platform your business achieves a quick, secure, scalable application experience. Avi Vantage stands apart from legacy load balancers as the 100 percent software-defined option. It provides:

  • Multi-cloud – an orchestrated, consistent experience across cloud and on-premises environments through central management
  • Intelligence – Avi’s baked-in analytics provide actionable insights that render automation intelligent, autoscaling seamless, and decisions simpler
  • Automation – application delivery integrated into the CI/CD pipeline and self-service provisioning, thanks to 100% RESTful APIs

In addition to a Software Load Balancer, the multi-cloud application services also include Intelligent Web Application Firewall (iWAF) and Container Ingress.