Jan 26, 2009

Reverse Proxy and Forward Proxy Server

When I was in high school it was very common to bunk class and ask one of my classmates to give proxy for me when the teacher took the roll-call. At university this proxy thing was even more popular, so when it came to learning about proxy servers, it was not very hard to understand that one server (the proxy one) is doing some work on behalf of another, and the world does not know that it is the intermediate proxy. But there are two types of proxy servers: reverse proxy and forward proxy. As the idea of the reverse proxy came later, its way of working is called 'reverse', and what we used to call proxy servers are now commonly called 'forward' proxies to avoid confusion.

Proxy servers:

A proxy server is a machine which acts as an intermediary between the computers of a local area network (sometimes using protocols other than TCP/IP) and the Internet.
Most of the time the proxy server is used for the web, and when it is, it's an HTTP proxy. However, there can be proxy servers for every application protocol (FTP, etc.).



The operating principle of a proxy server:

The basic operating principle of a proxy server is quite simple: it is a server which acts as a "proxy" for an application by making a request on the Internet in its stead. Whenever a user connects to the Internet using a client application configured to use a proxy server, the application first connects to the proxy server and gives it its request. The proxy server then connects to the server which the client application wants to reach and sends that server the request. Next, the server gives its reply to the proxy, which finally sends it to the client application.



Reverse Proxy:

A reverse proxy is a proxy server that resides at the Web site; all incoming requests to the Web server are routed to it. A reverse proxy adds a layer of security by hiding the details of the Web servers from the clients. The reverse proxy can be located in a comparatively less secure area while the Web servers reside behind a secure firewall. It can also provide other services, such as encryption, compression and image caching, on behalf of the actual web server. It can store dynamic pages generated by the web server and forward these to slower clients from time to time. If any change is made to the web server, for example the URLs are modified, the port numbers are changed or new firewalls are deployed, we don't need to publish new URLs; reconfiguring the reverse proxy is enough, and the clients can keep using the same URLs without getting a 404 message. Requests for the old URLs are translated to the newer ones by the proxy and forwarded to the web servers, hiding the changes from the clients.
We can consider this general scenario. Suppose our application runs on port 8080 on Tomcat. Now:

* External requests are initiated on port 80.
* The firewall/NAT forwards the request to the proxy server.
* The proxy server examines the requested URL and redirects it to the web server.
* The server gives its reply to the proxy, which sends it back to the client.

Then we change the Tomcat port to 8081. We do not need to publish modified URLs; we just reconfigure our proxy server to forward those requests to 8081 and we are done!
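The port change described above, as an added example that is not part of the original post: a minimal Python reverse proxy whose upstream is switched from one backend to another while the client keeps requesting the same URL and only ever sees the proxy's `Server` banner. Ephemeral loopback ports stand in for 80, 8080 and 8081, and the class names, the `/shop/cart` path and the banner strings are assumptions made for the illustration.

```python
import http.server, threading, urllib.error, urllib.request

# Ignore any system-wide HTTP_PROXY setting so loopback requests go direct.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class Quiet(http.server.BaseHTTPRequestHandler):
    def log_message(self, *args):        # keep the demo output clean
        pass
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Backend(Quiet):
    """Stand-in for the Tomcat application (constructed for this example)."""
    def version_string(self):
        return "Apache-Coyote/1.1"       # sample internal banner (constructed)
    def do_GET(self):
        self.reply(200, f"port={self.server.server_port} path={self.path}".encode())

class ReverseProxy(Quiet):
    upstream = None                      # "host:port" of the hidden backend
    def version_string(self):
        return "edge-proxy"              # clients only ever see the proxy's banner
    def do_GET(self):
        try:
            with OPENER.open(f"http://{self.upstream}{self.path}", timeout=5) as r:
                self.reply(r.status, r.read())
        except urllib.error.HTTPError as e:      # relay backend 4xx/5xx as-is
            self.reply(e.code, e.read())
        except urllib.error.URLError:            # backend unreachable
            self.reply(502, b"bad gateway")

def start(handler):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def fetch(port, path):
    with OPENER.open(f"http://127.0.0.1:{port}{path}", timeout=5) as r:
        return r.status, r.headers.get("Server"), r.read().decode()

def demo():
    old, new, proxy = start(Backend), start(Backend), start(ReverseProxy)
    ReverseProxy.upstream = f"127.0.0.1:{old.server_port}"
    before = fetch(proxy.server_port, "/shop/cart")
    ReverseProxy.upstream = f"127.0.0.1:{new.server_port}"   # the 8080 -> 8081 move
    after = fetch(proxy.server_port, "/shop/cart")
    return old.server_port, new.server_port, before, after

if __name__ == "__main__":
    print(demo())
```

Because the proxy builds its own response headers instead of relaying the backend's, the backend banner never reaches the client; a proxy that copies upstream headers through would leak it.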

A reverse proxy is sometimes called a SERVER ACCELERATOR because its caching function can improve overall performance.
It also makes the internal network more secure, as it hides the details from external clients.
It can also perform load-balancing by distributing requests to several similar servers.

Forward Proxy:

When we talk about proxy servers we generally mean the forward proxy, which is why the other one is called the reverse proxy :). These proxy servers are used to hide the details of the clients from the servers and are thus known as "forward proxies." Several client machines are connected to a proxy and they send their requests to the proxy.

If we configure our network's DNS for internal use only, then a user inside the private network can access the network properly, but external users cannot. So proxy forwarding is needed to access resources inside the network.


The proxy server has two network interfaces and two IP addresses. The IP address on the outgoing side of the proxy is the one the Internet sees, and all the IP addresses of the client machines are hidden from the outside network.