What are Reverse Proxies?

Introduction

Reverse proxies are exactly what they sound like: they are the opposite of regular HTTP proxies (which are client-side). Such proxies tend to hide the “true identity” of the origin server(s): in essence, they receive an HTTP/HTTPS request and forward information between you and the origin (in effect, there is a “middleman” preventing users from accessing content directly).

As a result, “reverse proxies” are often found in DDoS protection applications, where end-users cannot discover the “direct IP” and thus should not be able to take a website or application offline.

How They Work

A reverse proxy passes along users' header information; it usually forwards the Host header so the origin knows what to serve. Apart from this, popular software such as NGINX also supports forwarding WebSockets and newer HTTP connection types (partial QUIC support, etc.).
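
A minimal NGINX configuration for the forwarding described above, as an added example that is not part of the original article. The hostname `www.example.com`, the origin address `203.0.113.10:8080`, and the certificate paths are placeholder assumptions.

```nginx
# Added example: placeholder names and addresses, not from the article.
# Belongs inside the http { } context of nginx.conf.

# WebSocket handshakes arrive with an "Upgrade" request header. Map it to
# the Connection value the origin needs; plain requests get "close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream origin {
    server 203.0.113.10:8080;   # assumed origin address (documentation range)
}

server {
    listen 443 ssl;
    server_name www.example.com;                      # assumed public hostname

    ssl_certificate     /etc/nginx/tls/example.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/example.key;

    location / {
        proxy_pass http://origin;

        # Forward the Host header so the origin knows which site to serve.
        proxy_set_header Host $host;

        # The origin sees the proxy as its peer, so pass the real client
        # address and the original scheme along for logging and redirects.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket forwarding needs HTTP/1.1 and the hop-by-hop
        # Upgrade/Connection headers set explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Because every connection now reaches the origin from the proxy, the origin should trust the `X-Forwarded-*` headers only when the peer is the proxy's address. `nginx -t` checks the syntax before a reload.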

Other Uses For Reverse Proxies

While reverse proxies are commonly used to hide the identity of an origin server, they can also be used to balance traffic among multiple origins. An example of this would be a PULL zone on a CDN: data is pulled through a CDN node and is forwarded to users once static data has been cached. This benefits users as they see faster load times (servers also tend to be better connected internationally to the “origin,” so even if you’re requesting content from a server located thousands of kilometres away, you should see a smaller performance hit than when requesting directly).

Popular Reverse Proxy Software

Generally, you will hear NGINX, Apache, and other web servers mentioned. These servers have two modes of operation:

  • Serving content from a local directory
  • Acting as a reverse proxy

Having said that, there are also dedicated reverse proxies, including HAProxy and Varnish.

CDNs vs. Reverse Proxies

Most, if not all, CDNs have a “PULL” zone type. This essentially uses a user-operated backend with many nodes placed in front (an example is below; CDNs usually have many “reverse proxies” to handle requests around the world).

The example uses a single reverse proxy; however, the concept should now be easy to understand.

Simply put, while CDN "pull zones" and reverse proxies share a common concept (they both "proxy" data to and from a user), CDNs have other features that not all reverse proxies natively implement.

Glossary

HTTP

HTTP is a protocol used by web browsers to connect to web servers and request content to view. It is also used to transfer larger files, and is often used for software updates.

HTTP Headers

HTTP Headers are used to relay information between a server and a client (i.e. responses from a server will contain these "headers").

Proxy

A proxy is a medium (server) that forwards traffic to a requested destination and vice versa.

HTTPS

HTTPS refers to a secure HTTP request -- that is, the connection between a client and server is secured and encrypted using a trusted SSL certificate.

Reverse Proxy

Reverse proxies are similar to proxies, though they operate in a "flipped model" where data is exchanged between a client <-> server <-> origin.