A reverse proxy is used to provide load balancing services and, increasingly, to enforce web application security at strategic insertion points in a network through web application firewalls, application delivery firewalls, and deep content inspection.
In networking and web traffic, a proxy is a device or server that acts on behalf of other devices. It sits between two entities and performs a service. Proxies are hardware or software solutions that sit between the client and the server in order to manage requests and sometimes responses.
Typically, a reverse proxy server sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. The requested resources are then returned to the client, appearing as if they originated from the proxy server itself. This provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers. A reverse proxy also provides the ability to direct requests based on a wide variety of parameters such as user device, location, network conditions, application health and even the time of day.
Reverse proxy servers and load balancers are both components in a client-server computing architecture. Both act as intermediaries in the communication between the clients and servers, performing functions that improve efficiency. They can be implemented as dedicated, purpose-built devices, but increasingly in modern web architectures they are software applications that run on commodity hardware. While they seem to perform similar functions, let’s explore when and why they’re typically deployed at a website.
A load balancer distributes incoming client requests among a group of servers to ensure satisfactory speed and optimized functioning. Load balancers are most commonly deployed when a site needs multiple servers because the volume of requests is too much for a single server to handle efficiently. Deploying multiple servers also eliminates a single point of failure, making the website more reliable. Most commonly, the servers all host the same content, and the load balancer’s job is to distribute the workload in a way that makes the best use of each server’s capacity, prevents overload on any server, and results in the fastest possible response to the client.
A reverse proxy accepts a request from a client, forwards it to a server that can fulfill it, and returns the server’s response to the client. Whereas deploying a load balancer makes sense only when you have multiple servers, it often makes sense to deploy a reverse proxy even with just one web server or application server. You can think of the reverse proxy as a website’s “public face.” Its address is the one advertised for the website, and it sits at the edge of the site’s network to accept requests from web browsers and mobile apps for the content hosted at the website. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers. The reverse proxy provides:
A reverse proxy is used to provide load balancing services to deliver smoother web experiences and, increasingly, to enforce web application security at strategic insertion points in a network through web application firewalls, application delivery firewalls, and deep content inspection.
When combined with cloud deployments, a reverse proxy can enable cloud bursting and split-application architectures that offer the economic benefits of cloud without compromising control or security.
A reverse proxy may act either as a simple forwarding service or actively participate in the exchange between client and server. When the proxy treats the client and server as separate entities by implementing dual network stacks, it is called a full proxy.
A full proxy creates a TCP client connection along with a separate TCP server connection with a little gap in the middle. The client connects to the proxy on one end and the proxy establishes a separate, independent connection to the server. This is bi-directional on both sides. There is never any blending of connections from the client side to the server side since the connections are independent.
The function of a reverse proxy can be performed by a device, software, or service depending on the complexity of the environment and needs of the organization.
Ideal for cloud-native environments, NGINX Plus is a software-based reverse proxy that performs load balancing, Layer 7 routing and web performance optimization, similar to a hardware device. NGINX Plus also helps improve website performance, reliability, security, and scale. NGINX Plus is much less expensive than hardware-based solutions with similar capabilities. The comprehensive load-balancing and reverse-proxy capabilities in NGINX Plus enable you to build a highly optimized application delivery network. NGINX Plus can be deployed in the public cloud as well as in private data centers at a lower cost than a full proxy.
For more complex and hybrid environments, the F5 BIG-IP system is a full proxy that can be deployed as a full reverse proxy server capable of intercepting, inspecting, and interacting with requests and responses. This includes the basic functions of load balancing and web performance optimization, as well as more advanced traffic management services such as application layer security, web acceleration, page routing and secure remote access.