Jump to content

Reverse proxy: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
added reference to the fact that there also not-so legitimate reasons for using a reverse server
No edit summary
Line 1: Line 1:
Defining "reverse proxy" logically depends on the definition of "proxy". A "proxy" in common usage, is a stand-in for a web-browser. When a web browser requests access to a web resource, the web resource needs some idea of where it should send the answer. In "reverse", the proxy stands-in for the web server. In such a case, the true location of the web server (whose content is being served) is hidden, from the standpoint of the client making the request.
{{cleanup}}Defining "reverse proxy" logically depends on the definition of "proxy". A "proxy" in common usage, is a stand-in for a web-browser. When a web browser requests access to a web resource, the web resource needs some idea of where it should send the answer. In "reverse", the proxy stands-in for the web server. In such a case, the true location of the web server (whose content is being served) is hidden, from the standpoint of the client making the request.


In contrast, a ''forward proxy'' acts as a proxy for out-bound traffic. For example, an [[Internet service provider|ISP]] may use a proxy to forward [[HTTP]] traffic from its clients to external web servers on the Internet; it may also [[cache]] the results to improve performance.<ref>[http://rbt.phs.com.tw/manual/glossary.html#Proxy An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time.]</ref>
In contrast, a ''forward proxy'' acts as a proxy for out-bound traffic. For example, an [[Internet service provider|ISP]] may use a proxy to forward [[HTTP]] traffic from its clients to external web servers on the Internet; it may also [[cache]] the results to improve performance.<ref>[http://rbt.phs.com.tw/manual/glossary.html#Proxy An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time.]</ref>

Revision as of 08:52, 5 January 2011

You must add a |reason= parameter to this Cleanup template – replace it with {{Cleanup|reason=<Fill reason here>}}, or remove the Cleanup template.
Defining "reverse proxy" logically depends on the definition of "proxy". A "proxy" in common usage, is a stand-in for a web-browser. When a web browser requests access to a web resource, the web resource needs some idea of where it should send the answer. In "reverse", the proxy stands-in for the web server. In such a case, the true location of the web server (whose content is being served) is hidden, from the standpoint of the client making the request.

In contrast, a forward proxy acts as a proxy for out-bound traffic. For example, an ISP may use a proxy to forward HTTP traffic from its clients to external web servers on the Internet; it may also cache the results to improve performance.[1]

There are several legitimate reasons for installing reverse proxy servers, and there are not-so legitimate reasons.

  • Security: reverse proxies provide an additional layer of defense by masking the web server behind the proxy. Reverse proxies can also provide Application firewall features, to protect against common web-based attacks. When the resource being served is malware, removing the malware or initiating a takedown becomes difficult.
  • Encryption / SSL acceleration: when secure websites are created, the SSL encryption is sometimes not done by the Web server itself, but offloaded to a reverse proxy that may be equipped with SSL acceleration hardware.
  • Load distribution: the reverse proxy can distribute the load to several servers, each server serving its own application area. In the case of reverse proxying in the neighborhood of Web servers, the reverse proxy may have to rewrite the URLs in each webpage (translation from externally known URLs to the internal locations).
  • Caching: A reverse proxy can offload the Web servers by caching static content, such as images, as well as dynamic content, such as a web page rendered by PHP. Proxy caches of this sort can often satisfy a considerable amount of website requests, greatly reducing the load on the central web server; another term is Web accelerator. This technique is also used for the Wikipedia servers.
  • Compression: the proxy server can optimize and compress the content to speed up the load time.
  • Spoon feeding: a dynamically generated page can be produced all at once and served to the reverse-proxy, which can then return it to the client a little bit at a time. The program that generates the page is not forced to remain open and tying up server resources during the possibly extended time the client requires to complete the transfer.[2]

See also

Servers used commercially:

  • Apache HTTP Server may be extended with mod_proxy to be used as a reverse proxy; a caching reverse proxy server may be configured using the mod_cache module in conjunction with mod_proxy.[3]
  • Apache Traffic Server - An open source, high-performance routing and caching server
  • CACHEbox is a high performance HTTP/HTTPS/FTP caching proxy appliance supporting reverse as well as forward deployment modes.
  • GoAnywhere Gateway - An enhanced reverse proxy that allows FTP, FTPS, SFTP and HTTP services without exposing sensitive files in the DMZ or opening incoming ports into the internal network.
  • Internet Information Services 7.0 with URL Rewrite v2 and Application Request Routing can act as Reverse Proxy.[4]
  • Lighttpd can be used as a reverse proxy with load balancing capabilities.
  • LiteSpeed Web Server can be used as a transparent reverse proxy server running in front of any web server or application server that supports HTTP protocol.
  • Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server) - A commercial proxy, firewall and caching solution by Microsoft.
  • Nginx - Web and Reverse proxy server.
  • Novell Access Manager is a commercial security solution which includes a reverse proxy, a policy based access manager and SSL VPN. All components use a LDAP like directory or federation with Liberty and others.
  • Perlbal is a Perl-based reverse proxy load balancer and web server.
  • Pound, a lightweight open source reverse proxy.
  • McAfee Web Gateway is a product that can act as a reverse proxy. It also provides SSL decryption, caching, AV, Anti-Spam and other threat detection techniques.
  • Squid is a proxy server that may be installed in a reverse proxy configuration.
  • Stunnel can be used as a local SSL reverse proxy.
  • Sun Java System Web Server includes reverse proxy module with load balancing capabilities.
  • Varnish is a performance-focused open source reverse proxy. It has a policy configuration language to allow extension. It features ESI, SaintMode, DNS director and native support for In-line C.
  • WinGate supports reverse-proxying with SSL, authentication, and multiple virtual hosts.
  • Zeus is a product that can function as both a forward and reverse proxy, as well as content load balancer.

References

  1. ^ An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time.
  2. ^ SpoonFeeding explanation in squid
  3. ^ mod_proxy - Apache HTTP Server
  4. ^ "Reverse Proxy with URL Rewrite v2 and Application Request Routing". July 16, 2009. Retrieved 2010-03-12.