Before getting to the topic, one should know what a proxy server is and what it is for.
A proxy server provides a gateway between users and the Internet. It is referred to as an "intermediary server" because it sits between end users and the web pages they visit online.
It prevents intruders from attacking the private network, and it is one of the tools used to build a firewall.
As you all know, the word proxy means to act on behalf of another. In computer networking, a proxy server acts on behalf of another machine, either a client or a server.
More often than not, the term "proxy server" refers to a forward proxy.
A forward proxy is an Internet-facing proxy used to retrieve data from a wide range of sources (in most cases anywhere on the Internet).
A forward proxy provides proxy services to a client or a group of clients in a common network. Let me explain with the diagram below.
When any one of the clients makes a connection request to an FTP server on the Internet, its request has to pass through the proxy server first.
Depending on the forward proxy's settings, the connection request can be allowed or denied. If it is allowed, the request is forwarded to the firewall and then to the FTP server. From the FTP server's point of view, it is the proxy server that makes the request, not the client. So the response will be addressed to the proxy server.
The proxy server then receives the response to the request it made earlier and forwards that response to the client that made the original request.
The proxy server holds the details of requests, responses, their sources and their destinations. Different clients can send requests to various servers through the forward proxy, and it acts as the intermediary for all of them. Each request can be allowed or denied based on its details.
As you can see, it provides a single point of access and control, which strengthens the enforcement of security policies. From a security standpoint, therefore, a forward proxy is aimed at enforcing security on the clients in the internal network.
But the internal network does not contain only client systems; it might have servers as well. When a client from an outside network wants to access an FTP server on the internal network, a more appropriate solution is a reverse proxy.
A reverse proxy is usually an internal-facing proxy used as a front-end to control and protect access to a server on a private network.
It is just the opposite of a forward proxy: a reverse proxy proxies on behalf of servers.
To the outside client, it is the reverse proxy that provides the file transfer service. The client sends its requests for the FTP servers to the reverse proxy, and the reverse proxy answers based on the responses the servers provide.
Yes, a forward proxy hides the identity of clients and a reverse proxy hides the identity of servers.
An attacker will find it difficult to acquire data from the server, because they need to go through the reverse proxy to reach it.
Just like forward proxy servers, reverse proxies also provide a single point of access and control. You typically set it up to work alongside one or two firewalls to control traffic and requests directed to your internal servers.
Most of the time, a reverse proxy also acts as a load balancer for the servers behind it. Load balancers play a crucial role in providing high availability to network services that receive large volumes of requests. When a reverse proxy performs load balancing, it distributes incoming requests across a cluster of servers, all providing the same kind of service.
Both types of proxy servers relay requests and responses between source and destination machines. But in the case of reverse proxy servers, client requests that go through them normally originate from the Internet, while, in the case of forward proxies, client requests normally come from the internal network behind them.
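The two flows described above, modelled in a few lines of Python as an added example that is not part of the original post. It shows which source address each server sees, what the forward proxy logs when it allows or denies a request, and how a reverse proxy spreads requests across its backends. All class names, host names and addresses are constructed for illustration.

```python
from itertools import cycle

class Server:
    """Origin server that records the source address of every request it gets."""
    def __init__(self, name):
        self.name, self.seen_sources = name, []
    def handle(self, source_addr, path):
        self.seen_sources.append(source_addr)
        return f"contents of {path}"

class ForwardProxy:
    """Sits in front of internal clients; allows or denies by destination."""
    def __init__(self, addr, allowed, internet):
        self.addr, self.allowed, self.internet = addr, set(allowed), internet
        self.log = []  # (client, destination, verdict): the single point of control
    def request(self, client_addr, destination, path):
        verdict = "ALLOW" if destination in self.allowed else "DENY"
        self.log.append((client_addr, destination, verdict))
        if verdict == "DENY":
            return None
        # The proxy makes the request itself, so the server sees the proxy's address.
        return self.internet[destination].handle(self.addr, path)

class ReverseProxy:
    """Sits in front of internal servers; outside clients only talk to the proxy."""
    def __init__(self, addr, backends):
        self.addr, self.log = addr, []
        self._next = cycle(backends)  # round-robin load balancing
    def request(self, client_addr, path):
        backend = next(self._next)
        self.log.append((client_addr, backend.name))
        body = backend.handle(self.addr, path)
        # The reply names the proxy, never the backend that produced it.
        return {"served_by": self.addr, "body": body}

def demo():
    # Constructed host names and documentation-range addresses.
    ftp = Server("ftp.example.org")
    other = Server("files.example.net")
    fwd = ForwardProxy("203.0.113.10", {ftp.name}, {s.name: s for s in (ftp, other)})
    ok = fwd.request("10.0.0.5", "ftp.example.org", "/pub/readme.txt")
    blocked = fwd.request("10.0.0.6", "files.example.net", "/x")
    backends = [Server("ftp-a"), Server("ftp-b")]
    rev = ReverseProxy("198.51.100.20", backends)
    replies = [rev.request("192.0.2.77", "/pub/readme.txt") for _ in range(4)]
    return ftp, other, fwd, ok, blocked, backends, rev, replies

if __name__ == "__main__":
    print(demo()[2].log)
```

The forward proxy's log keeps the internal client addresses that the FTP server never sees, and the reverse proxy's log is the only place that ties an outside client to a specific backend.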
Thanks for reading :)
P.S.: I know it is more theory, but it could be useful during configuration with a server/firewall.