Understanding Proxy Servers and Reverse Proxies: How They Work [With Examples]
I- Proxy Server
- What is a Proxy server:
A proxy server is a server that acts as an intermediary between clients and other servers. When a client sends a request to the server, the request is first sent to the proxy server, which then sends the request to the appropriate server. The response from the server is then sent back to the proxy server, which in turn sends it to the client.
- Why use a Proxy server:
There are many advantages to using a proxy server:
- Improved security: A proxy server can act as a firewall, protecting the internal network from external threats such as malware and unauthorized access. It can also provide additional security features such as encryption and authentication.
- Enhanced privacy: A proxy server can be used to mask the IP address and other identifying information of clients, helping to protect their privacy and anonymity.
- Content filtering: A proxy server can be used to filter out unwanted content such as advertisements, malware, and other types of malicious content. It can also be used to enforce company policies regarding acceptable use of the Internet.
- Improved performance: A proxy server can cache frequently requested content, reducing the load on backend servers and improving performance for clients. It can also be used to perform load balancing, distributing traffic across multiple servers to improve overall performance and availability.
- Reduced bandwidth usage: A proxy server can compress data and remove unnecessary elements such as images and videos, reducing the amount of data that needs to be transmitted and improving network efficiency.
- Access control: A proxy server can be used to restrict access to certain websites or types of content, helping to prevent employees from accessing inappropriate or unproductive websites during work hours.
- Packet Flow:
- Client sends a request to the web proxy server for a particular website or resource.
- The web proxy server receives the request and checks its cache to see if it has a copy of the requested resource.
- If the resource is found in the cache, the web proxy server sends the cached copy to the client.
- If the resource is not found in the cache, the web proxy server sends the request to the appropriate server on behalf of the client.
- The server sends the response back to the web proxy server, which in turn sends the response back to the client.
- The web proxy server caches the response for future use.
Let’s take an Example of client to Proxy packet flow:
- The client is configured to use the proxy server. It first sends a request to the proxy server for the website “www.example.com” over port 80 (HTTP).
- The proxy server receives the packet and examines the request.
- The proxy server checks its cache to see if it has a copy of “www.example.com” cached.
- If “www.example.com” is in the cache, the proxy server sends the cached copy of the website back to the client in a response packet.
- If “www.example.com” is not in the cache, the proxy server forwards the request to the appropriate server on behalf of the client, using the server’s IP address and port number.
- The server responds with the requested website, which is sent to the proxy server’s IP address and port number.
- The proxy server receives the response packet, caches the website for future requests, and sends the website back to the client in a response packet.
- The client receives the response packet containing the requested website.
The client sends the request to the proxy server because it is configured to do so. The forward proxy server determines the destination server's IP address by inspecting the HTTP request header sent by the client. The HTTP request header contains the destination URL (www.example.com in this case), which the proxy server extracts and resolves to the destination server's IP address through DNS. Once the proxy server has the IP address, it establishes a new connection to the destination server on behalf of the client and forwards the HTTP request to the destination server.
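The forward-proxy flow above, as an added Python sketch that is not part of the original article: it reads the destination from the request line a proxy-configured client sends, checks the cache, and otherwise forwards the request. The `fetch` callable, the function names and the sample request are assumptions made for illustration; `fetch` stands in for DNS resolution and the outbound connection so the example runs offline.

```python
from urllib.parse import urlsplit

# Constructed sample: the request a client configured for a proxy sends.
SAMPLE_REQUEST = (
    b"GET http://www.example.com/index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: demo-client\r\n"
    b"\r\n"
)

def parse_proxy_request(raw: bytes):
    """Extract (method, host, port, path) from an absolute-form request line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    parts = head.split("\r\n")[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("expected an absolute http:// request target")
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    return method, url.hostname, url.port or 80, path

def handle(raw: bytes, cache: dict, fetch):
    """Serve from cache, or forward in origin-form and cache the reply.

    `fetch(host, port, request_bytes)` is a hypothetical callable standing in
    for DNS resolution plus the new TCP connection to the destination server.
    """
    method, host, port, path = parse_proxy_request(raw)
    key = (host, port, path)
    if method == "GET" and key in cache:
        return cache[key], "HIT"
    host_header = host if port == 80 else f"{host}:{port}"
    upstream = f"{method} {path} HTTP/1.1\r\nHost: {host_header}\r\n\r\n"
    response = fetch(host, port, upstream.encode("iso-8859-1"))
    if method == "GET":
        cache[key] = response
    return response, "MISS"
```

A request whose target is only a path (the form sent directly to a web server) is rejected, because the proxy would have no destination host to resolve.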
II- Reverse Proxy Server
- What is a Reverse Proxy:
A reverse proxy is a server that sits between a client and one or more servers, acting as an intermediary for requests from the client to the server. Unlike a forward proxy, which is typically used to protect client privacy or cache content, a reverse proxy is primarily used to protect a server from direct access by external clients and distribute incoming traffic to multiple backend servers.
When a client makes a request to a server behind a reverse proxy, the request is first sent to the reverse proxy, which then forwards the request to the appropriate server based on the content of the request. The server’s response is then sent back to the reverse proxy, which in turn sends it back to the client. This can help to distribute traffic load across multiple servers, improve server security by hiding the backend servers from external clients, and provide additional features such as SSL/TLS termination, content caching, and load balancing.
- Reverse Proxy use cases:
Some common use cases for reverse proxies include:
- Load balancing: A reverse proxy can distribute incoming traffic to multiple backend servers, helping to balance the load and improve overall performance.
- Security: A reverse proxy can protect backend servers from direct access by external clients, helping to mitigate security threats such as DDoS attacks and unauthorized access.
- SSL/TLS termination: A reverse proxy can terminate SSL/TLS connections from clients, decrypting the traffic and sending it to backend servers in unencrypted form.
- Content caching: A reverse proxy can cache frequently accessed content, reducing the load on backend servers and improving performance for clients.
- Reverse Proxy Packet flow:
In a reverse proxy setup, the response from the server is not sent directly to the client using the real server IP. Instead, the reverse proxy intercepts the response from the server, modifies it if necessary (e.g., to rewrite URLs or headers), and sends it back to the client using the reverse proxy’s IP address. This is done to ensure that the client does not have direct access to the backend server, which can help to improve security and scalability.
Let’s take an example packet flow for a reverse proxy:
- The client sends a request to the reverse proxy, specifying the URL of the website it wants to access. The client’s IP address is 192.168.1.100 and the reverse proxy’s IP address is 10.0.0.1.
- The reverse proxy receives the request and examines it to determine which backend server should handle the request. The reverse proxy’s configuration might specify that requests for “www.example.com” should be forwarded to a server with IP address 192.168.1.200.
- The reverse proxy forwards the request to the backend server with IP address 192.168.1.200.
- The backend server receives the request and generates a response. The response is sent back to the reverse proxy’s IP address (10.0.0.1) instead of the client’s IP address (192.168.1.100).
- The reverse proxy intercepts the response and modifies it if necessary. For example, the reverse proxy might rewrite any URLs in the response to use the reverse proxy’s hostname instead of the backend server’s hostname.
- The reverse proxy sends the modified response back to the client, using the reverse proxy’s IP address (10.0.0.1) as the source IP address in the response packet.
- The client receives the response and displays the website in the web browser.
By using a reverse proxy, the backend server’s IP address and other internal details are hidden from the client, improving security and scalability. Additionally, the reverse proxy can perform additional functions such as load balancing and caching, helping to improve performance and availability.
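The routing and rewriting steps of the reverse-proxy walkthrough, as an added Python sketch that is not part of the original article. It uses the hostname and addresses from the example above; the function names are hypothetical, and the `X-Forwarded-For` header (not mentioned in the article) is the common convention for telling the backend the real client address.

```python
import re

# Routing table from the walkthrough: public hostname -> backend address.
BACKENDS = {"www.example.com": "192.168.1.200"}

def route(host_header: str) -> str:
    """Choose the backend by Host header; refuse hosts that are not configured."""
    host = host_header.split(":", 1)[0].strip().lower()
    if host not in BACKENDS:
        raise LookupError(f"no backend configured for {host!r}")
    return BACKENDS[host]

def request_headers_for_backend(headers: dict, client_ip: str) -> dict:
    """Copy request headers, recording the real client address for the backend.

    A client-supplied X-Forwarded-For is dropped: the backend sees only the
    proxy's address on the connection and relies on this header for the real one.
    """
    out = {k: v for k, v in headers.items() if k.lower() != "x-forwarded-for"}
    out["X-Forwarded-For"] = client_ip
    return out

def rewrite_response(headers: dict, body: str, backend_ip: str, public_host: str):
    """Replace backend-address URLs in Location and the body with the public name."""
    leak = re.compile(r"http://" + re.escape(backend_ip) + r"(?::\d+)?(?![\d.])")
    public = "http://" + public_host
    new_body = leak.sub(public, body)
    new_headers = {}
    for name, value in headers.items():
        if name.lower() == "location":
            value = leak.sub(public, value)
        elif name.lower() == "content-length":
            # The body length changed, so the header must be recomputed.
            value = str(len(new_body.encode("utf-8")))
        new_headers[name] = value
    return new_headers, new_body
```

Refusing unknown `Host` values keeps the proxy from forwarding requests for names it was never configured to serve, and recomputing `Content-Length` after the rewrite keeps the response well-formed.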
Difference Between Proxy server and Reverse Proxy
In both cases, the proxy server acts as an intermediary for the client and server, intercepting and modifying traffic as necessary. However, in a forward proxy server setup, the proxy server is typically located on the client’s network and is used to provide access to external resources on the Internet. In a reverse proxy server setup, the proxy server is typically located on the server’s network and is used to provide access to internal resources from external clients.
Overall, the main difference between a forward proxy server and a reverse proxy server is in the direction of traffic flow and the location of the client and server in relation to the proxy server:
- Forward proxy: the connection is initiated from inside the secured zone and is destined for the outside, unsecured global network.
- Reverse proxy: the connection comes from the outside global network and is destined for the inside secured network.