What's the difference between a proxy server and a reverse proxy server? [closed]
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. We don’t allow questions about professional server or networking-related infrastructure administration on Stack Overflow. You can edit the question so it’s on-topic for Stack Overflow. Closed 1 year ago. Improve this question
What is the difference between a proxy server and a reverse proxy server?
The previous answers were accurate, but perhaps too terse. I will try to add some examples.
First of all, the word "proxy" describes someone or something acting on behalf of someone else.
In the computer realm, we are talking about one server acting on the behalf of another computer.
For the purposes of accessibility, I will limit my discussion to web proxies - however, the idea of a proxy is not limited to websites.
FORWARD proxy
Most discussion of web proxies refers to the type of proxy known as a "forward proxy."
The proxy event, in this case, is that the "forward proxy" retrieves data from another web site on behalf of the original requestee.
A tale of 3 computers (part I)
For an example, I will list three computers connected to the internet.
X = your computer, or "client" computer on the internet
Y = the proxy web site, proxy.example.org
Z = the web site you want to visit, www.example.net
Normally, one would connect directly from X --> Z.
However, in some scenarios, it is better for Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.
Reasons why X would want to use a forward proxy server:
Here is a (very) partial list of uses of a forward proxy server:
1) X is unable to access Z directly because a) Someone with administrative authority over X's internet connection has decided to block all access to site Z. Examples: The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves. Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours. A local elementary school disallows internet access to the playboy.com website. A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet. b) The administrator of Z has blocked X. Examples: The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange). Z is a forum website. X is spamming the forum. Z blocks X.
a) Someone with administrative authority over X's internet connection has decided to block all access to site Z. Examples: The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves. Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours. A local elementary school disallows internet access to the playboy.com website. A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet.
Examples: The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves. Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours. A local elementary school disallows internet access to the playboy.com website. A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet.
The Storm Worm virus is spreading by tricking people into visiting familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.
Employees at a large company have been wasting too much time on facebook.com, so management wants access blocked during business hours.
A local elementary school disallows internet access to the playboy.com website.
A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as wikipedia.org. See TOR or FreeNet.
b) The administrator of Z has blocked X. Examples: The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange). Z is a forum website. X is spamming the forum. Z blocks X.
Examples: The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange). Z is a forum website. X is spamming the forum. Z blocks X.
The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X's IP address (and/or netrange).
Z is a forum website. X is spamming the forum. Z blocks X.
REVERSE proxy
A tale of 3 computers (part II)
For this example, I will list three computers connected to the internet.
X = your computer, or "client" computer on the internet
Y = the reverse proxy web site, proxy.example.com
Z = the web site you want to visit, www.example.net
Normally, one would connect directly from X --> Z.
However, in some scenarios, it is better for the administrator of Z to restrict or disallow direct access and force visitors to go through Y first. So, as before, we have data being retrieved by Y --> Z on behalf of X, which chains as follows: X --> Y --> Z.
What is different this time compared to a "forward proxy," is that this time the user X does not know he is accessing Z, because the user X only sees he is communicating with Y. The server Z is invisible to clients and only the reverse proxy Y is visible externally. A reverse proxy requires no (proxy) configuration on the client side.
The client X thinks he is only communicating with Y (X --> Y), but the reality is that Y forwarding all communication (X --> Y --> Z again).
Reasons why Z would want to set up a reverse proxy server:
1) Z wants to force all traffic to its web site to pass through Y first. a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works. Examples: Apple Trailers uses Akamai Jquery.com hosts its JavaScript files using CloudFront CDN (sample). etc.
a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works. Examples: Apple Trailers uses Akamai Jquery.com hosts its JavaScript files using CloudFront CDN (sample). etc.
Examples: Apple Trailers uses Akamai Jquery.com hosts its JavaScript files using CloudFront CDN (sample). etc.
Apple Trailers uses Akamai
Jquery.com hosts its JavaScript files using CloudFront CDN (sample).
etc.
2) The administrator of Z is worried about retaliation for content hosted on the server and does not want to expose the main server directly to the public. a) Owners of Spam brands such as "Canadian Pharmacy" appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server.
a) Owners of Spam brands such as "Canadian Pharmacy" appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server.
In the above scenarios, Z has the ability to choose Y.
Links to topics from the post:
Content Delivery Network
Lists of CDNs http://www.mytestbox.com/miscellaneous/content-delivery-networks-cdn-list/ http://blog.streamingmedia.com/the_business_of_online_vi/2008/01/updated-list-of.html
http://www.mytestbox.com/miscellaneous/content-delivery-networks-cdn-list/
http://blog.streamingmedia.com/the_business_of_online_vi/2008/01/updated-list-of.html
Forward proxy software (server side)
PHP-Proxy
cgi-proxy
phproxy (discontinued)
glype
Internet censorship wiki: List of Web Proxies
squid (apparently, can also work as a reverse proxy)
Reverse proxy software for HTTP (server side)
Apache mod_proxy (can also work as a forward proxy for HTTP)
nginx (used on hulu.com, spam sites, etc.)
HAProxy
Caddy Webserver
lighthttpd
perlbal (written for livejournal)
portfusion
pound
varnish cache (written by a FreeBSD kernel guru)
repose
Reverse proxy software for TCP (server side)
balance
delegate
pen
portfusion
pure load balancer (web site defunct)
python director
See also:
Wikipedia - Content Delivery Network
Wikipedia - Category:Reverse_proxy
Wikipedia - Load Balancing
Wikipedia - Scalability
A pair of simple definitions would be:
Forward Proxy: Acting on behalf of a requestor (or service consumer)
Reverse Proxy: Acting on behalf of service/content producer.
I found the diagram below to be very helpful. It just shows the architecture of a forward vs. reverse proxy setup from client to server over the Internet. This image will help you to understand qyb2zm302's answer and other answers better.
https://i.stack.imgur.com/0qpxZ.png
You can also watch this video from F5's DevCentral by Peter Silva.
Picture Source: Quora. However, as per Martijn Pieters, this image could be from Pulse Secure Community or Julien Pauli's site (in French) at developpez.com.
It reminded me of the classic proverb:
A picture is worth 1000 words.
Forward Proxy vs. Reverse Proxy (2012) explains the difference between forward and reverse proxies very clearly.
qyb2zm302's answer nicely details applications of proxies, but it slips up on the fundamental concept between forward and reverse proxies. For the reverse proxy, X → Y → Z, X knows about Y and not Z, rather than vice versa.
A proxy is simply a middleman for communication (requests + responses). Client <-> Proxy <-> Server
Client proxy: ( client <-> proxy ) <-> server
The proxy acts on behalf of the client. The client knows about all three machines involved in the chain. The server doesn't.
Server proxy: client <-> ( proxy <-> server )
The proxy acts on behalf of the server. The client only knows about the proxy. The server knows the whole chain.
It seems to me that forward and reverse are simply confusing, perspective-dependent names for client and server proxy. I suggest abandoning the former for the latter, for explicit communication.
Of course, to further complicate the matter, not every machine is exclusively a client or a server. If there is an ambiguity in context, it's best to explicitly specify where the proxy lies, and the communications that it tunnels.
Some diagrams might help:
Forward proxy
https://i.stack.imgur.com/MPQAt.png
Reverse proxy
https://i.stack.imgur.com/xrOba.png
The difference is primarily in deployment. Web forward and reverse proxies all have the same underlying features. They accept requests for HTTP requests in various formats and provide a response, usually by accessing the origin or contact server.
Fully featured servers usually have access control, caching, and some link-mapping features.
A forward proxy is a proxy that is accessed by configuring the client machine. The client needs protocol support for proxy features (redirection, proxy authentication, etc.). The proxy is transparent to the user experience, but not to the application.
A reverse proxy is a proxy that is deployed as a web server and behaves like a web server, with the exception that instead of locally composing the content from programs and disk, it forwards the request to an origin server. From the client perspective it is a web server, so the user experience is completely transparent.
In fact, a single proxy instance can run as a forward and reverse proxy at the same time for different client populations.
Proxy: It is making the request on behalf of the client. So, the server will return the response to the proxy, and the proxy will forward the response to the client. In fact, the server will never "learn" who the client was (the client's IP address); it will only know the proxy. However, the client definitely knows the server, since it essentially formats the HTTP request destined for the server, but it just hands it to the proxy.
https://i.stack.imgur.com/eeQP2.png
Reverse Proxy: It is receiving the request on behalf of the server. It forwards the request to the server, receives the response and then returns the response to the client. In this case, the client will never "learn" who was the actual server (the server's IP address) (with some exceptions); it will only know the proxy. The server will or won't know the actual client, depending on the configurations of the reverse proxy.
https://i.stack.imgur.com/zOvvx.png
The best explanation is here with diagrams:
While a forward proxy proxies on behalf of clients ( or requesting hosts ), a reverse proxy proxies on behalf of servers.
In effect, whereas a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers.
A proxy server proxies (and optionally caches) outgoing network requests to various not-necessarily-related public resources across the Internet. A reverse proxy captures (and optionally caches) incoming requests from the Internet and distributes them to various internal private resources, usually for high availability purposes.
Proxy (Forward Proxy):
When computers on your LAN connect to a proxy server that accesses the Internet. Benefits include only the server being exposed to the Internet. People on the outside are unable to access the computers directly. Forward proxies can improve Internet access for users by caching downloads. They can also be used to restrict access to certain sites. Also, only the proxy server would need a public address, not the clients connecting to it.
Reverse Proxy:
A reverse proxy is the opposite of a forward proxy. Instead it acts as a proxy on behalf of the servers being connected to. Instead of accessing a remote server directly, a user would go through the reverse proxy and get directed to the appropriate server from there. Only the reverse proxy would need an SSL certificate, only one public IP address would be needed, and it can handle load balancing of incoming requests to enhance the overall user experience.
https://i.stack.imgur.com/J7PA8.jpg
Image Source: Creating a Forward Proxy Using Application Request Routing
Cloudflare has a great article with images explaining this in details. Check here: What Is A Reverse Proxy? | Proxy Servers Explained
https://i.stack.imgur.com/x2jwy.png
https://i.stack.imgur.com/2ERPI.png
My understanding from an Apache perspective is that proxy means that if site x proxies for site y, then requests for x return y.
The reverse proxy means that the response from y is adjusted so that all references to y become x.
So that the user cannot tell that a proxy is involved...
Forward proxies grant the client anonymity (i.e, think Tor).
Reverse proxies grant back end servers anonymity (i.e, think servers behind a DMZ).
As per my understanding...
To start with, as everyone knows, proxy means "the authority to represent someone else". Now there are two things, forward and reverse proxy.
Forward proxy
Suppose you want to access "Google" and "Google" in turn will have n number of servers to respond to that particular request.
Now in this case, while you are requesting for something from Google and you don’t want Google to see your IP address, then you will use a forward proxy, as explained below.
A → B → C
Now here you are A, sending a request through B. So C will think that the request is coming from B, not A. In this way you can prevent your clients IP address not to be exposed to outer world.
Reverse proxy
Now in this case, to make you understand, we will take the same case of forward proxy. Here you have requested for something to Google, which in turn going to send the one request to the app server or another proxy server to get the response. So these things will happen as explained below.
A → B → C
C → D
C ← D
A ← B ← C
From the above diagram you can see that a request has been sent to C from B, not from A. Then from C there will be one request send to D. Similarly the response will go to C from D and then to B and A.
The above diagram says it's only the context which matters although both the proxies are acting the same way, but the client-side proxy is hiding the client information whereas the server-side proxy will hide server-side information.
Here's an example of a reverse proxy (as a load balancer).
A client surfs to website.com and the server it hits has a reverse proxy running on it. The reverse proxy happens to be Pound. Pound takes the request and sends it to one of the three application servers sitting behind it. In this example, Pound is a load balancer. That is, it is balancing the load between three application servers.
The application servers serve up the website content back to the client.
A forward proxy serves users: it helps users access the server.
A reverse proxy serves the server: it protects the server from users.
If no proxy
To see from the client side and server side are the same:
Client -> Server
Proxy
From the client side:
Client -> proxy -> Server
From the server side:
Client -> Server
Reverse proxy
From the client side:
Client -> Server
From the server side:
Client -> proxy -> Server
So I think if it set up by a client user,it is called a proxy; if it set up by a server manager it is a reverse proxy.
Because the purposes and reasons for setting it up are different, they deal with data in different ways and use different software.
User side | Server side
client <-> proxy <--> reverse_proxy <-> real server
Difference between Proxy server (also called forward proxy) and Reverse Proxy Server depends on the point of reference.
Technically, both are exactly the same. Both serve the same purpose of transmitting data to a destination on behalf of a source.
The difference lies in 'on whose behalf is the proxy server acting / who is the proxy server representing?'
If the proxy server is forwarding requests to internet server on behalf of the end users (Example: students in a college accessing internet through college proxy server.), then the proxy is called 'Forward proxy' or simply 'Proxy'.
If the proxy server is responding to incoming requests, on behalf of a server, then the proxy is called 'Reverse Proxy', as it is working in the reverse direction, from the point of view of the end user.
Some Examples of Reverse proxies:
Load balancer in front of web servers acts as a reverse-proxy on behalf of the actual web servers. API gateway Free Website hosting services like (facebook pages / blog page servers) are also reverse proxies. The actual content may be in some web server, but the outside world knows it through specific url advertised by reverse-proxy.
Use of forward proxy:
Monitor all outbound internet connections from an organization Apply security policies on internet browsing and block malicious content from being downloaded Block access to specific websites
Use of Reverse proxy:
Present friendly URL for a website Perform load balancing across multiple web servers Apply security policy and protect actual web servers from attacks
Looking from the perspective of the user: when sending a request to a proxy or reverse proxy server:
proxy - requires two arguments: 1) what to get and 2) which proxy server to use an intermediate
reverse proxy - requires one argument: 1) what to get
A reverse proxy fetches contents from another server unbeknownst to the user and returns the result as if it originated from the reverse proxy server.
Most of the previous answers are good, but in my opinion none comes very close to addressing well enough the "reverse" quality that differentiates the two. To do that, some way of visualizing the "reverse" nature of what is essentially the same thing (a proxy) needs to be given, and it needs to be given in a well abstracted way.
A proxy (implicitly "forward proxy") connects multiple local clients to any one remote server:
c--
|--p--s
c--
A reverse proxy connects multiple local servers to any one remote client (notice how the layout reverses):
s--
|--p--c
s--
It is a matter of perspective really and properly understanding the concept requires abstracting away non-essential (to the particular concept) details though they may be very important when it comes to the pragmatics of proxy operation. Such details include the fact that in both scenarios the reality is that multiple clients connect to multiple servers, that clients and servers may not really be local or remote, where the Internet cloud is located or what kind of visibility exists between client and server.
Let's consider the purpose of the service.
In forward proxy:
Proxy helps user to access server.
In reverse proxy:
Proxy helps server to be accessed by user.
In the latter case, the one who is helped by the proxy is no longer a user, but a server, that's the reason why we call it a reverse proxy.
Follow WeChat
Success story sharing
Want to stay one step ahead of the latest teleworks?
Subscribe Now相似问题
- What are MVP and MVC and what is the difference?
- What is dependency injection?
- What's the difference between a method and a function?
- Getting Git to work with a proxy server - fails with "Request timed out"
- What is the difference between application server and web server?
- What is JSONP, and why was it created?
(X --> Y) --> Z, reverse:X --> (Y --> Z).