Forward Proxy Vs Reverse Proxy

In this blog, we are going to study about following topics :-

• What is a Forward-Proxy.
• Advantages of a Forward-Proxy.
• What is a Transparent-Proxy.
• What is a Reverse-Proxy.
• Advantages of a Reverse-Proxy.
• Usage of Reverse-Proxy by CloudFlare.

Question: What is a Forward Proxy ?

Answer → Here is the understanding about the Forward-Proxy :-

• It’s a server that sits between a group of client-machines and the Internet.
• When those clients make requests to websites on the Internet, the forward proxy acts as a middleman, who intercepts those requests and talks to web-servers on behalf of those client machines.

Question: Why anyone would like to place a Forward-Proxy ?

Answer → Following can be the various advantages of the Forward-Proxy :-

Advantage #1.) Protecting the Client’s Identity → The Forward-Proxy protects the client’s identity. By using a Forward-Proxy to connect to a website, the IP-Address of the client is hidden from the Server. Only the IP-Address of the Forward-Proxy is visible. It shall be harder to trace back to the client.

Advantage #2.) Bypassing the Browsing Restrictions → The Forward-Proxy can be used to bypass browsing-restrictions.

• Some institutions like Schools, Governments-Organisations uses firewalls to restrict the access to the Internet, as shown in this diagram :-

• By connecting to the Forward-Proxy outside the Firewalls, the client-machine can potentially get around these restrictions, as shown in the below diagram :-

• It doesn’t always work because the firewalls themselves could block the connections to the proxy.

Advantage #3.) Blocking the access to certain endpoints → A Forward-Proxy can be used to block the access to certain content. This is common for Schools & Businesses to configure their Networks, to connect all clients to the web through a Proxy and apply filtering rules to disallow sites like social-networks.

Question: How does the Clients makes use of Forward-Proxy ?

Answer → It’s worth noting that a Forward-Proxy requires a client to configure its application to point to it. For large institutions, they usually apply a technique called Transparent Proxy to streamline the process.

Question: Can you explain about the Transparent-Proxy ?

Answer →

• A Transparent-Proxy works with Layer-4 Switches to redirect certain types of traffic to the proxy automatically.
• There is no need to configure the Client-Machines to use it.
• It is difficult to bypass a Transparent-Proxy, when the client is on the Institution’s network.

In summary, a Forward-Proxy sits between the client and the Internet and acts on behalf of the client.

Question: What is a Reverse-Proxy ?

Answer → A Reverse-Proxy sits between the Internet and the Web-Servers. It intercepts the requests from Clients and talks to the web-servers on behalf of the Clients.

Question: Why would a Website would use a Reverse-Proxy ?

Answer → There could be various reasons for the same :-

• Prevention of DDOS Attack → Reverse-Proxy could be used to protect a website. The Website’s IP-Address are hidden behind the Reverse-Proxy and are not revealed to the clients. This makes much harder to target a DDOS attack against a website.
• Usage as Load-Balancer → Reverse-Proxy could be used for Load-Balancing. A popular website handling a millions of users everyday is unlikely to be able to handle all the traffic through a single server. A Reverse-Proxy could balance a large amount of Incoming-requests by distributing the traffic to a large pool of web-servers and preventing any single of them from becoming overloaded.

• Caching Mechanism → Reverse-Proxy can very well cache the static-content. A piece of content can be cached on the reverse-proxy for a period of time. If the same piece of content is requested again from the reverse proxy, the locally cached version could be quickly returned.

• SSL Encryption → Reverse-Proxy can handle SSL encryption. SSL-Handshake process is computationally expensive. A Reverse-Proxy can free up the origin servers from these expensive operations.

Question: Does CDN services like CloudFlare also uses Reverse-Proxy ?

Answer → Services like CloudFlare put reverse-proxy servers in hundred of locations all around the world. This puts the Reverse-Proxy close to the users and at the same time provides a large amount of processing capacity.

Question: Who all uses Reverse-Proxy ?

Answer → For a modern website, it is not uncommon to have many layers of Reverse-Proxy.

• The First-Layer could be an Edge-Service like CloudFlare. The Reverse-Proxies are deployed to hundred of locations worldwide, close to the users.
• The Second-Layer could be an API-Gateway OR Load-Balancer at the Hosting Provider.

Question: Can the aforementioned two services be combined as well ?

Answer → Some cloud-providers might combine these two services into a single Ingress Service.

The User would enter the Cloud-Network at the Edge closer to the User and from the Edge, the Reverse-Proxy connects over a fast fiber network to the Load-Balancer, where the requests are evenly distributed over a cluster of web-servers.

That’s all in this blog. We shall see you in next document. Till then, if you liked reading through this, do clap on this page.