Proxy Vs Reverse Proxy

Nuwan Tissera

Published in

CodeAcid

2 min readJul 6, 2019

The server doesn't have any idea on which client connected — Proxy

The client doesn't have any idea on which server connected to — Reverse Proxy

Proxy

Proxy (is a server) hides the identity of the client.

The client will request to proxy and proxy will make the request to the server. So the server will never know who is the client. When the server responds to the proxy, proxy will route the traffic to the client (proxy has routing table).

Benefits of Proxy

Anonymity — Server doesn't know “who I am’’

Caching — Proxy will keep a local cache on requests it passes through.

GeoFencing — Differentiate users based on their geographical location [1].

Blocking unwanted sites — Benefit not for clients, but for government ;-)

Reverse Proxy

Reverse Proxy hides the identity of the server.

e.g: Google has its own reverse proxy. Google hides the identity of its servers. So, what we see as google.com is IP of Googles’ reverse proxy.

The client doesn’t have any idea what is behind the reverse proxy.

When we are connected to google proxy via Https (443 is the Standard TCP port used in websites that use SSL[2]), it acts as a load balancer and distributes the traffic evenly. There are a few algorithms related to load-balancing and the default one is the round-robin algorithm (It checks the availability is the order like server 1,2,3…1,2,3… as in above diagram).

i.e: Proxy to Server port (e.g: 8080) can be insecure Because it's completely inaccessible to the outside world. But its highly encouraged to keep the connection from the client to proxy with security and proper certificates.

Benefits of Reverse Proxy

Load balancing — as we discussed.

Caching — Its always good unless its stale cache.

Isolation of internal Traffic — Server can be configured to run as a container, VM etc. [3]

Logging — Keep track of all the traffic it passes through.

Canary Deployment/ blue-green deployment, —you can upgrade applications with no interruption of the service. This is very trending with Dockers (Rolling updates).[4]

Reference

[1] https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-by-geoip/

[2] https://www.grc.com/port_443.htm

[3] https://www.haproxy.com/blog/preserve-source-ip-address-despite-reverse-proxies/

[4] https://www.conviva.com/blog/canary-deployment-with-nginx/