A forward proxy (a.k.a. “proxy”) is an intermediary server that sits closer to client machines than to origin servers. It intercepts client requests and communicates with web servers on their behalf. The flow goes something like this:
- The client machine makes a request.
- The forward proxy intercepts the request, does any work necessary (e.g., edits or blocks the request), and forwards the request to an origin server.
- The origin server returns a response to the forward proxy. The forward proxy does any work necessary with the response and returns it to the client.
Forward proxies are commonly used to:
- Restrict access to particular websites (social media, pornography, etc.).
- Protect the identity of users. For example, the web server will identify the proxy’s IP address as the source of the request rather than the client machine.
A reverse proxy (a.k.a. “gateway”) is an intermediary server that sits closer to web servers than to clients. It typically sits in front of web servers and does some work with incoming requests from clients or with outgoing responses from web servers.
Common uses of a reverse proxy include:
- Load balancing. A single server may not be able to cope with high traffic so a reverse proxy can be used to distribute the traffic to multiple servers. If a server fails for some reason, other servers will be there to handle the traffic.
- Protect against DDoS attacks. A reverse proxy can be used to hide the IP address of origin servers so that attackers can’t overload them with requests. Special reverse proxies such as Cloudflare’s CDN are built to fend off cyber-attacks like DDoS.
- Caching. Reverse proxies can be distributed in different cities all over the world. When clients connect to origin servers for the first time, the proxy that’s geographically closest to them can cache responses. In future requests, the client may not have to make the longer round-trip request to the origin server that may be located in another part of the globe.
- SSL encryption. Encryption and decryption of requests can be offloaded to a reverse proxy to free up resources for web servers.
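An in-memory model of the load-balancing, failover and caching behaviour listed above, as an added example that is not part of the original page. The `ReverseProxy` class, the `make_backend` helper and the backend names are hypothetical, and backends are plain Python callables standing in for origin servers.

```python
import itertools

class BackendDown(Exception):
    """Raised by a backend callable to simulate a failed origin server."""

class ReverseProxy:
    def __init__(self, backends):
        # backends: dict of name -> callable(path) returning a response body
        self.backends = backends
        self._ring = itertools.cycle(list(backends))  # round-robin order
        self.cache = {}  # path -> cached response body

    def handle(self, method, path):
        # Caching: only GET responses are stored and replayed. A production
        # cache would also honour Cache-Control and skip per-user responses.
        if method == "GET" and path in self.cache:
            return 200, self.cache[path], "cache"
        # Load balancing with failover: try each backend at most once,
        # starting from the next one in round-robin order.
        for _ in range(len(self.backends)):
            name = next(self._ring)
            try:
                body = self.backends[name](path)
            except BackendDown:
                continue  # this origin failed, move on to the next one
            if method == "GET":
                self.cache[path] = body
            return 200, body, name
        return 502, "no healthy backend", None

def make_backend(name, healthy=True):
    # Constructed stand-in for an origin server.
    def serve(path):
        if not healthy:
            raise BackendDown(name)
        return f"{name}:{path}"
    return serve

def demo():
    proxy = ReverseProxy({
        "web1": make_backend("web1"),
        "web2": make_backend("web2", healthy=False),  # simulated outage
        "web3": make_backend("web3"),
    })
    # The last request repeats /a and is answered from the proxy's cache.
    return [proxy.handle("GET", p) for p in ("/a", "/b", "/c", "/a")]

if __name__ == "__main__":
    for status, body, served_by in demo():
        print(status, body, served_by)
```

The third element of each result names which backend answered, so the skipped `web2` and the cache hit on the repeated `/a` are both visible in the output.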