In this blog, we are going to study about following topics :-
- What is a Forward-Proxy.
- Advantages of a Forward-Proxy.
- What is a Transparent-Proxy.
- What is a Reverse-Proxy.
- Advantages of a Reverse-Proxy.
- Usage of Reverse-Proxy by CloudFlare.
Question: What is a Forward Proxy ?
Answer → Here is the understanding about the Forward-Proxy :-
- It’s a server that sits between a group of client-machines and the Internet.
- When those clients make requests to websites on the Internet, the forward proxy acts as a middleman, who intercepts those requests and talks to web-servers on behalf of those client machines.
Question: Why anyone would like to place a Forward-Proxy ?
Answer → Following can be the various advantages of the Forward-Proxy :-
Advantage #1.) Protecting the Client’s Identity → The Forward-Proxy protects the client’s identity. By using a Forward-Proxy to connect to a website, the IP-Address of the client is hidden from the Server. Only the IP-Address of the Forward-Proxy is visible. It shall be harder to trace back to the client.
Advantage #2.) Bypassing the Browsing Restrictions → The Forward-Proxy can be used to bypass browsing-restrictions.
- Some institutions like Schools, Governments-Organisations uses firewalls to restrict the access to the Internet, as shown in this diagram :-
- By connecting to the Forward-Proxy outside the Firewalls, the client-machine can potentially get around these restrictions, as shown in the below diagram :-
- It doesn’t always work because the firewalls themselves could block the connections to the proxy.
Advantage #3.) Blocking the access to certain endpoints → A Forward-Proxy can be used to block the access to certain content. This is common for Schools & Businesses to configure their Networks, to connect all clients to the web through a Proxy and apply filtering rules to disallow sites like social-networks.
Question: How does the Clients makes use of Forward-Proxy ?
Answer → It’s worth noting that a Forward-Proxy requires a client to configure its application to point to it. For large institutions, they usually apply a technique called Transparent Proxy to streamline the process.
Question: Can you explain about the Transparent-Proxy ?
- A Transparent-Proxy works with Layer-4 Switches to redirect certain types of traffic to the proxy automatically.
- There is no need to configure the Client-Machines to use it.
- It is difficult to bypass a Transparent-Proxy, when the client is on the Institution’s network.
In summary, a Forward-Proxy sits between the client and the Internet and acts on behalf of the client.
Question: What is a Reverse-Proxy ?
Answer → A Reverse-Proxy sits between the Internet and the Web-Servers. It intercepts the requests from Clients and talks to the web-servers on behalf of the Clients.
Question: Why would a Website would use a Reverse-Proxy ?
Answer → There could be various reasons for the same :-
- Prevention of DDOS Attack → Reverse-Proxy could be used to protect a website. The Website’s IP-Address are hidden behind the Reverse-Proxy and are not revealed to the clients. This makes much harder to target a DDOS attack against a website.
- Usage as Load-Balancer → Reverse-Proxy could be used for Load-Balancing. A popular website handling a millions of users everyday is unlikely to be able to handle all the traffic through a single server. A Reverse-Proxy could balance a large amount of Incoming-requests by distributing the traffic to a large pool of web-servers and preventing any single of them from becoming overloaded.
- Caching Mechanism → Reverse-Proxy can very well cache the static-content. A piece of content can be cached on the reverse-proxy for a period of time. If the same piece of content is requested again from the reverse proxy, the locally cached version could be quickly returned.
- SSL Encryption → Reverse-Proxy can handle SSL encryption. SSL-Handshake process is computationally expensive. A Reverse-Proxy can free up the origin servers from these expensive operations.
Question: Does CDN services like CloudFlare also uses Reverse-Proxy ?
Answer → Services like CloudFlare put reverse-proxy servers in hundred of locations all around the world. This puts the Reverse-Proxy close to the users and at the same time provides a large amount of processing capacity.
Question: Who all uses Reverse-Proxy ?
Answer → For a modern website, it is not uncommon to have many layers of Reverse-Proxy.
- The First-Layer could be an Edge-Service like CloudFlare. The Reverse-Proxies are deployed to hundred of locations worldwide, close to the users.
- The Second-Layer could be an API-Gateway OR Load-Balancer at the Hosting Provider.
Question: Can the aforementioned two services be combined as well ?
Answer → Some cloud-providers might combine these two services into a single Ingress Service.
The User would enter the Cloud-Network at the Edge closer to the User and from the Edge, the Reverse-Proxy connects over a fast fiber network to the Load-Balancer, where the requests are evenly distributed over a cluster of web-servers.
That’s all in this blog. We shall see you in next document. Till then, if you liked reading through this, do clap on this page.