Scribd
Upload
23 views

Reverse Proxy

reverse proxy

Uploaded by

mleleuomary
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
23 views

Reverse Proxy

reverse proxy

Uploaded by

mleleuomary
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

What is Reverse Proxy?

Reverse Proxy is a server that is positioned in front of webservers.

As a cybersecurity professional, you would place a reverse proxy typically


behind the firewall in your private network and it would direct client
requests to the appropriate backend server. And in this position, your
reverse proxy is able to intercept your users' requests and then it would
forward them to the intended 'Origin' webserver.

When the origin server sends a reply, the reverse proxy takes that reply
and sends it on to the user. In this way, a reverse proxy serves as a
'middleman' between users and the sites they are visiting.

A reverse proxy provides an additional level of abstraction and control to


ensure the smooth flow of network traffic between clients and your
servers. Your organization can use a reverse proxy to enact load
balancing, as well as shield your users from undesirable content and
outcomes. Therefore, a reverse proxy can be an integral part of your
company’s security posture and makes your company’s network more
stable and reliable.

___

👉 Reverse Proxy Vs. Forward Proxy

While a reverse proxy sits in front of your web-servers, a forward proxy


sits in front of clients. A client typically refers to any application. Given the
context of proxy servers, this application more-often is a web-browser.

Let us recap...

With a forward proxy, the proxy is positioned in front of the 'client,'


protecting it and its user. With a reverse proxy, the proxy sits in front of
the 'origin' server.
This may seem like the same thing because both proxies are in between
the client and the origin server. However, there are some important
differences:

With a forward proxy, you make sure that 'NO ORIGIN SEVER' ever have
the ability to directly communicate with the client. That means that,
regardless of the website(s), it can never send any data directly to the
client.

On the other hand, with a reverse proxy, the proxy, positioned in front of
the origin server, makes sure that 'NO CLIENT,' regardless of where it is or
who owns it, has the ability to communicate with the origin server.

It is similar to having a bodyguard that also passes messages to the


person they are working for. A forward proxy is like a bodyguard that
passes messages to the client, while a reverse proxy is like a bodyguard
that passes messages to the origin server. A forward proxy is solely
focused on vetting messages for the client. A reverse proxy is solely
focused on vetting messages for the origin server. Even though they are
both positioned between the client and the origin server, they perform
very different jobs.

I hope that distinction between them is clear now...

___

👉 MAJOR ADVANTAGES OF REVERSE PROXY

1. Load Balancing

A reverse proxy server can act as a TRAFFIC COP sitting in front of your
backend servers.

They can decide where and how they route HTTP-sessions. You can use it
to distribute client-requests across a group of servers in a manner that
maximizes speed and capacity utilization, while ensuring no one server is
overloaded, which can degrade performance.
This may be particularly helpful during busier times of the year when a
large amount of HTTP sessions attempt to interact with your origin server
all at the same time. As the reverse proxy balances the load of the work
that has to be performed, it eases the burden on your network.

If a server goes down, the load-balancer would conveniently redirect


traffic to your remaining online servers.

2. Web Acceleration

Reverse proxies can compress inbound- and outbound- data, as well as


cache commonly requested content. Both of these features would speed
up the flow of traffic between clients and your servers.

3. Security and Anonymity

By intercepting requests headed for your backend servers, a reverse proxy


server protects their identities and thus it acts as an additional DEFENSE
against security-attacks.

It also ensures that multiple servers can be accessed from a single record
locator or URL regardless of the structure of your local area network.

With a reverse proxy, you can hide your origin server’s IP address. If a
hacker knows the IP address of your origin server, they have already
checked one very big item off their attack-checklist.

Having a reverse proxy, is helping you prevent threat-actors from directly


targeting your origin server using its IP address because they do not know
what it is. Also, because a reverse proxy is positioned in front of your
origin server, any communication coming from the outside has to go
through the reverse proxy first.

Therefore, threats like DDoS attacks are harder to execute because you
can set up your reverse proxy to detect these kinds of attacks. You can
also use it to detect malware attacks. It can identify malicious content
within the request coming from the client. Once harmful content has been
spotted, the reverse proxy can drop the server’s request. Consequently,
the dangerous data does not even reach your origin server.

4. Global Server Load Balancing (GSLB)

GSLB is a sort of load balancing that is distributed around the world by


way of a reverse proxy. With GSLB, the requests going to a website can be
distributed using the geographic locations of the clients trying to access it.

For example, if a user of Facebook from Singapore, is accessing the


website of Facebook. Then the USA servers of Facebook need not to
respond to it. Instead, the request would be forwarded to nearest
webserver, for example to a webserver in Australia, or may be in India.

As a result, requests do not have to travel as far. For the end-user, this
means the content they have requested is able to load faster.

5. Caching

Your backend servers are supposed to the heavy-lifting of caching for your
website. However, you can shift a large part of this caching to your
Reverse Proxy. It will deliver faster response-time and efficient
performance of website(s).

6. SSL Encryption

Encrypting and decrypting SSL (or TLS) communications for each client
can be computationally expensive for an origin server. You can configure
your reverse proxy to decrypt all incoming requests and encrypt all
outgoing responses, freeing up valuable resources on the origin server.

7. Excellent LIVE Monitoring/Logging Capabilities


No doubt, your webservers are to log everything, every request and
response. If you see closely, then you can realize that all the requests are
being passed through your 'Reverse Proxy', that makes them excellent
candidate for LIVE Active monitoring of all to/from traffic.

It would enable your IT team to carefully analyze-- where requests are


coming from and how your origin server is responding to them.

With this information, you can see how your site addresses different
requests. You can then use that insight to make any adjustments to
optimize your site’s performance.

For example, suppose you have an e-Commerce website, and it gets a lot
of hits during a certain holiday. You are concerned that it may not be able
to manage all the requests efficiently enough, thereby negatively affecting
the end user’s purchasing or shopping experience...

With a reverse proxy, you can deduce performance statistics according to


date and time, and see whether your site’s infrastructure is up to the task.
You would them make adjustments accordingly, via writing some rules.

___

Kindly write 💚 your comment 💚 on the posts or topics, because when you
do that you help me greatly in ✍️designing new quality article/post on
cybersecurity.

You can also share with all of us if the information shared here helps you
in some manner.

Life is small and make the most of it!

Also take care of yourself and your beloved ones…

With thanks,

Meena R.

___________________________

🙊🙉🙈
#cloudsecurity #computers #Cyber #cyberattack #Cybersecurity
#cybersecurityawareness #cybersecuritythreats #cybersecuritytraining
#cyberthreats #datasecurity #EthicalHacking #hacked #Hackers
#Hacking #infosec #iot #IT #itsecurity #KaliLinux #linux #malware
#networking #pentesting #privacy #ransomeware #security
#technology #computersecurity #computerscience #WIFI

You might also like