Blog article discussing reverse proxies and how they differ from traditional forward proxies.
Proxy Servers: Overview
The Internet can be thought of as many devices (computers) communicating data with each other. Devices that fetch resources (such as your personal computer, using a web browser) are 'clients', while devices sending the data are 'servers'. While direct client-to-server communication is possible, due to security concerns it is more common to have other devices (proxy servers) in the middle to handle this.
A proxy server is simply a device that relays data between other devices. The devices receiving data from a proxy can be clients or other servers. A traditional forward proxy server is placed in front of other servers, and relays their data to clients. This serves several important purposes:
- Masking IP addresses of original servers, to provide anonymity and protect from prying eyes
- Routing and access control, to ensure users only access resources they are supposed to (or to enable users to bypass browsing restrictions, e.g. when they are located in certain countries)
- Caching of users' data for improved performance
Reverse Proxy Servers
As the name implies, a reverse proxy server operates in the opposite direction of a forward proxy. Its main purpose is to protect backend servers from potential attack vectors coming from client devices, and it also provides extra useful functionality such as:
Load Balancing: A common function of reverse proxies is routing client requests to different origin servers as needed. If a website receives millions of visits within a short period of time, any individual server receiving that traffic would be overloaded and fail. The reverse proxy is programmed to distribute the traffic appropriately over a network of servers, ensuring better performance. If an individual origin server fails for any reason, the reverse proxy can also prevent traffic from being routed to it (reducing the number of failed requests from clients).
Caching: A reverse proxy is often capable of detecting the client's geographical location. A client's request can then be routed to the nearest server, greatly improving speed and performance. Often a CDN (content delivery network) will cache a website's resources on reverse proxy servers, so clients will have access to the closest geographic server by default.
Compressing Files: Reverse proxies can compress files being sent from origin servers, ensuring that they are delivered more quickly to clients, take less time to download, and use up less bandwidth.
SSL Handling: Decrypting SSL traffic can be handled on origin servers, but to save resources a proxy server can handle all of this functionality instead.
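The failover behaviour described under Load Balancing, as an added example that is not part of the original article: a round-robin pool that stops routing to an origin after repeated failures and re-admits it after a cooldown. The class name, thresholds and origin names are assumptions chosen for illustration.

```python
class OriginPool:
    """Round-robin pool that skips origins that keep failing (illustrative)."""

    def __init__(self, origins, max_fails=3, cooldown=30.0):
        self.origins = list(origins)
        self.max_fails = max_fails    # consecutive failures before ejection
        self.cooldown = cooldown      # seconds an ejected origin is skipped
        self.fails = {o: 0 for o in self.origins}
        self.ejected_until = {o: 0.0 for o in self.origins}
        self._next = 0                # index of the next round-robin candidate

    def pick(self, now):
        """Return the next healthy origin, or None if every origin is ejected."""
        for _ in range(len(self.origins)):
            origin = self.origins[self._next]
            self._next = (self._next + 1) % len(self.origins)
            if now >= self.ejected_until[origin]:
                return origin
        return None

    def report(self, origin, ok, now):
        """Record the outcome of one proxied request to `origin`."""
        if ok:
            self.fails[origin] = 0    # a success resets the failure streak
            return
        self.fails[origin] += 1
        if self.fails[origin] >= self.max_fails:
            self.ejected_until[origin] = now + self.cooldown
            self.fails[origin] = 0    # start fresh once it is re-admitted


def simulate():
    """Constructed scenario: three origins, one per second, origin-b is down."""
    pool = OriginPool(["origin-a", "origin-b", "origin-c"],
                      max_fails=2, cooldown=30.0)
    served = []
    for t in range(12):
        origin = pool.pick(now=float(t))
        ok = origin != "origin-b"     # origin-b fails every request
        pool.report(origin, ok, now=float(t))
        served.append((t, origin, ok))
    return pool, served


if __name__ == "__main__":
    for t, origin, ok in simulate()[1]:
        print(t, origin, "ok" if ok else "FAILED")
```

Only two client requests fail before the dead origin is taken out of rotation; a production proxy would usually also retry a failed request against another origin.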
How to Set Up a Reverse Proxy
1) Build it in House: Large companies with devoted backend teams may consider building out their own reverse proxy system. This approach requires a lot of resources, as well as capital expenditure on server equipment. The obvious benefit is that the company will have total control over their system without any limits on customization. While it depends on the specific needs of the company, in most cases reverse proxying can be seen as a utility - it is rare that a custom-built and maintained system would be required.
2) Use a Cloud-based Solution: Platforms offering reverse proxying and other solutions on the edge are now widely available as an online utility. Kuroco offers reverse proxying, WAF, and other edge-based solutions out-of-the-box, which can be easily configured and managed at a low cost.