What is a Reverse Proxy server?

A Reverse Proxy server is a server that acts as an alias for the web server and sits between the clients on the Internet (where the web page requests come from) and the actual web server (the origin server, which holds the web page content to be served to users). The reverse proxy server accepts the web page requests, forwards them to the origin server (if that content has not already been cached by the reverse proxy server), receives the web page or output and sends it back to the client.

There are several reasons why a reverse proxy might be required on a network. First, only the IP address of the reverse proxy server is advertised to the external world. That makes it easier to change the origin server(s) behind it, such as adding more servers or removing some of them, without having to advertise new IP addresses every time.

One of the biggest advantages of this architecture is the ability to load-balance among the various origin servers. Web servers might expect a huge amount of traffic. Besides, real-time traffic like multimedia and video has become more popular recently. So, in most cases, one web server may not be able to cater to a huge number of clients. In such situations, the reverse proxy server can evenly distribute the requests across multiple origin servers, so that more requests can be handled and congestion is avoided.

Reverse Proxies also enable web server redundancy through fail-over capabilities. If one of the origin servers goes down, the web-page requests could still be handled by the other servers. Reverse proxies can detect when a server is down and not send requests to it till it is up once again.

Reverse proxy servers can cache frequently requested content (both static pages and, to an extent, dynamic pages). This enables reverse proxies to serve that content to the clients directly, thereby saving processing resources on the origin servers. They can even perform SSL encryption, with SSL acceleration hardware if available, on behalf of the web servers, so that this process-intensive function is offloaded from the origin servers.

Reverse proxy servers can compress the content before sending it to clients to optimize web content delivery (especially useful in low-bandwidth situations). Reverse proxy servers also increase security, as no one has direct access to the origin servers; they can be reached only through the reverse proxy server. Besides, these application servers can be further secured with additional firewalls carrying rules specific to them or, more effectively, with specialized Web Application Firewalls.

But reverse proxy servers have certain limitations too. Since they offer a single point of contact for all the clients, the web service would be terminated if they are down. So, redundant reverse proxy servers are recommended.

Also, if the reverse proxy server is hacked, a considerable amount of information about the application servers might be exposed. So, the security of the reverse proxy servers is crucial. Besides, there is a chance that the reverse proxy itself might be exposed to more requests than it can handle, especially if it is performing additional functions like SSL encryption, which might cause some delays.

There are commercial Application Delivery Controllers which perform the reverse proxy function (and much more). Web servers (like Apache, lighttpd, Nginx, etc.) can be configured to act as reverse proxy servers. There are also free, open-source reverse proxy server applications like Squid-Cache, Varnish-Cache, etc.
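
The functions described above (hidden origin servers, load balancing, fail-over, caching, SSL offload and compression) can be seen together in a minimal Nginx configuration. This is an added example, not part of the original article; every address, hostname and file path in it is a placeholder.

```nginx
# Added example: all hostnames, addresses and paths below are placeholders.
events {}

http {
    # Origin servers hidden behind the proxy; only the proxy's address is public.
    upstream origin_pool {
        # The default method is round-robin, which spreads requests evenly.
        # Passive health check: after 3 failed attempts within 30s a server
        # is skipped for 30s, then tried again.
        server 10.0.0.11:8080 max_fails=3 fail_timeout=30s;
        server 10.0.0.12:8080 max_fails=3 fail_timeout=30s;
        server 10.0.0.13:8080 backup;   # used only when the others are down
    }

    # On-disk cache for responses fetched from the origins.
    proxy_cache_path /var/cache/nginx/origin levels=1:2
                     keys_zone=origin_cache:10m max_size=1g inactive=60m;

    # Compress text responses before sending them to clients.
    gzip on;
    gzip_types text/css application/javascript application/json;

    server {
        # TLS terminates here, so the origins are spared the encryption work.
        listen 443 ssl;
        server_name www.example.com;
        ssl_certificate     /etc/nginx/tls/example.crt;
        ssl_certificate_key /etc/nginx/tls/example.key;

        location / {
            proxy_pass http://origin_pool;
            # Retry the next origin on connection errors, timeouts and 502/503.
            proxy_next_upstream error timeout http_502 http_503;

            proxy_cache origin_cache;
            proxy_cache_valid 200 10m;
            # Serve a stale cached copy if the origins are failing.
            proxy_cache_use_stale error timeout http_502 http_503;

            # Pass the original host and client address to the origin for logging.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Because clients reach the origins only through this proxy, the origin servers should accept connections from the proxy's address alone; otherwise the forwarded headers can be spoofed by anyone who connects to them directly.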

Related Article: Proxy Servers.

excITingIP.com
