Forward Proxy Vs Reverse Proxy

aditya goel
5 min readFeb 9


In this blog, we are going to study about following topics :-

  • What is a Forward-Proxy.
  • Advantages of a Forward-Proxy.
  • What is a Transparent-Proxy.
  • What is a Reverse-Proxy.
  • Advantages of a Reverse-Proxy.
  • Usage of Reverse-Proxy by CloudFlare.

Question: What is a Forward Proxy ?

Answer → Here is the understanding about the Forward-Proxy :-

  • It’s a server that sits between a group of client-machines and the Internet.
  • When those clients make requests to websites on the Internet, the forward proxy acts as a middleman, who intercepts those requests and talks to web-servers on behalf of those client machines.

Question: Why anyone would like to place a Forward-Proxy ?

Answer → Following can be the various advantages of the Forward-Proxy :-

Advantage #1.) Protecting the Client’s Identity → The Forward-Proxy protects the client’s identity. By using a Forward-Proxy to connect to a website, the IP-Address of the client is hidden from the Server. Only the IP-Address of the Forward-Proxy is visible. It shall be harder to trace back to the client.

Advantage #2.) Bypassing the Browsing Restrictions → The Forward-Proxy can be used to bypass browsing-restrictions.

  • Some institutions like Schools, Governments-Organisations uses firewalls to restrict the access to the Internet, as shown in this diagram :-
  • By connecting to the Forward-Proxy outside the Firewalls, the client-machine can potentially get around these restrictions, as shown in the below diagram :-
  • It doesn’t always work because the firewalls themselves could block the connections to the proxy.

Advantage #3.) Blocking the access to certain endpoints → A Forward-Proxy can be used to block the access to certain content. This is common for Schools & Businesses to configure their Networks, to connect all clients to the web through a Proxy and apply filtering rules to disallow sites like social-networks.

Question: How does the Clients makes use of Forward-Proxy ?

Answer → It’s worth noting that a Forward-Proxy requires a client to configure its application to point to it. For large institutions, they usually apply a technique called Transparent Proxy to streamline the process.

Question: Can you explain about the Transparent-Proxy ?

Answer →

  • A Transparent-Proxy works with Layer-4 Switches to redirect certain types of traffic to the proxy automatically.
  • There is no need to configure the Client-Machines to use it.
  • It is difficult to bypass a Transparent-Proxy, when the client is on the Institution’s network.

In summary, a Forward-Proxy sits between the client and the Internet and acts on behalf of the client.

Question: What is a Reverse-Proxy ?

Answer → A Reverse-Proxy sits between the Internet and the Web-Servers. It intercepts the requests from Clients and talks to the web-servers on behalf of the Clients.

Question: Why would a Website would use a Reverse-Proxy ?

Answer → There could be various reasons for the same :-

  • Prevention of DDOS Attack → Reverse-Proxy could be used to protect a website. The Website’s IP-Address are hidden behind the Reverse-Proxy and are not revealed to the clients. This makes much harder to target a DDOS attack against a website.
  • Usage as Load-Balancer → Reverse-Proxy could be used for Load-Balancing. A popular website handling a millions of users everyday is unlikely to be able to handle all the traffic through a single server. A Reverse-Proxy could balance a large amount of Incoming-requests by distributing the traffic to a large pool of web-servers and preventing any single of them from becoming overloaded.
  • Caching Mechanism → Reverse-Proxy can very well cache the static-content. A piece of content can be cached on the reverse-proxy for a period of time. If the same piece of content is requested again from the reverse proxy, the locally cached version could be quickly returned.
  • SSL Encryption → Reverse-Proxy can handle SSL encryption. SSL-Handshake process is computationally expensive. A Reverse-Proxy can free up the origin servers from these expensive operations.

Question: Does CDN services like CloudFlare also uses Reverse-Proxy ?

Answer → Services like CloudFlare put reverse-proxy servers in hundred of locations all around the world. This puts the Reverse-Proxy close to the users and at the same time provides a large amount of processing capacity.

Question: Who all uses Reverse-Proxy ?

Answer → For a modern website, it is not uncommon to have many layers of Reverse-Proxy.

  • The First-Layer could be an Edge-Service like CloudFlare. The Reverse-Proxies are deployed to hundred of locations worldwide, close to the users.
  • The Second-Layer could be an API-Gateway OR Load-Balancer at the Hosting Provider.

Question: Can the aforementioned two services be combined as well ?

Answer → Some cloud-providers might combine these two services into a single Ingress Service.

The User would enter the Cloud-Network at the Edge closer to the User and from the Edge, the Reverse-Proxy connects over a fast fiber network to the Load-Balancer, where the requests are evenly distributed over a cluster of web-servers.

That’s all in this blog. We shall see you in next document. Till then, if you liked reading through this, do clap on this page.



aditya goel

Software Engineer for Big Data distributed systems