Proxy, Reverse Proxy & YARP
A forward proxy, often called a proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients.
A forward proxy is useful for internet users to protect their identity online. Some enterprises use a proxy to block access to certain content from their networks.
A reverse proxy is a server that sits in front of one or more web servers, intercepting requests from clients. This is different from a forward proxy, where the proxy sits in front of the clients.
Applications of Reverse Proxy
Load Balancing
An online service serving thousands or millions of users will not handle the incoming traffic with a single web server; On the contrary, a pool of web servers will handle the incoming requests behind a load balancer that distribute the traffic.
DDoS Protection
The reverse proxy hide the IP address of the web server behind it. This makes it much harder for attackers to leverage a targeted attack against it. The proxy will have tighter security and more resources to fend off a cyber attack.
Encryption
SSL or TLS encryption and decryption communications for each client can be computationally expensive for an web server. A reverse proxy can be configured to decrypt all incoming requests and encrypt all outgoing responses, freeing up valuable resources on the origin server.
Caching
A reverse proxy can also cache content, resulting in faster performance. Content delivery network (CDN) is a good example to cache static assets as well as HTML and JavaScript files.
A/B Testing
A reverse proxy can perform A/B testing with no need to change the code. 2 different versions of the same application can be deployed to 2 sets of web servers. This way, new features can be tested based on geographical location or client type (desktop or mobile).
YARP: Yet Another Reverse Proxy
YARP is a library to help create reverse proxy servers that are high-performance, production-ready, and highly customizable. YARP is built on .NET using the infrastructure from ASP.NET and .NET. It’s been designed to be easily customized and tweaked via .NET code to match the specific needs of each deployment scenario.
Yarp provides more advanced features that a traditional reverse proxy.
Header-Based Routing
While transitional reverse proxies Host-Based and Path-Based routing, advanced proxies like Yarp has a broad routing category based on HTTP custom headers. The matching mode that specifies how to match the value(s) against the request header can be configured (exact, prefix or exists).
Authentication and Authorization
The reverse proxy can be used to authenticate and authorize requests before they are proxied to the destination servers. This can reduce load on the destination servers, add a layer of protection, and ensure consistent policies are implemented across your applications. Authorization policies are an ASP.NET Core concept that the proxy utilizes.
Transforms
Yarp can be configured to modify parts of the request or response to adapt to the destination server’s requirements or to flow additional data such as the client’s original IP address. However, the original request objects are not modified by these transforms, only the proxy requests.
Session Affinity
Session Affinity reduces network requests by automatically directing requests from the same client to the same origin web server. It is useful in scenarios where the most requests in a sequence work with the same data and the cost of data access differs for different nodes.
