Reverse Proxy

The reverse proxy is a proxy that the resources for a client of one or more servers obsolete. The address translation is performed in the opposite direction, whereby the true address of the target system is hidden from the client. During a typical proxy can be used for multiple clients to an internal ( private - self-contained ) to grant access to an external power grid, a reverse proxy works the other way around.

Reverse proxy as the forwarding module of a firewall

The reverse proxy firewall initially offer the same functionality as port forwarding and so allow initiated externally connect to a behind the relay server on the internal network. Once they work as proxy Dedicated, they understand the network protocol and are then also able to analyze the data of the network packets and edit. They can, for example, make a virus scan or implement rules that refer to the package contents.

In contrast, there are also reverse proxies that are not part of the firewall software, and still pursue the goal of being able to access an internal computer from the external network out, but without having to manually configure the firewall accordingly. For this purpose, the internal computer first establishes a connection to a specific external host that makes the external computer can communicate through the firewall to the internal computer. Runs on the remote machine a reverse proxy, so now able to access the internal computer behind the firewall, any other computer from the external network by sending their requests to the reverse proxy of the remote computer ( the reverse proxy forwards the requests to the an internal computer ).

Reverse proxy for performance optimization

An entirely different task, a reverse proxy fulfill that accepts requests for a service, to improve the speed or rate of access to the service or functionally to expand. It can be installed locally on the target system, or run on a separate hardware, and example, works as a HTTP accelerator, also called surrogate proxy. Connections from the Internet to a web server are handled by the proxy, which answered the questions themselves, if they are in their own cache, or otherwise passed on to the downstream service, or a remote server.

Other scenarios a Reverse Proxy

There are several reasons to use a reverse proxy:

  • The web server is relieved by outsourcing the encryption (possibly considerably ).
  • The proxy can cache Web content, which would not otherwise be possible and represents a further relief of the web server.
  • ACLs can be applied on encrypted pages because the proxy, the header looks like in plain text.

In case of failure of the underlying web server ( or in case of failure: for example, HTTP 500) may also be displayed a " user-friendly " message.

Furthermore, a reverse proxy can also be used as an open proxy to send requests in " his name " to foreign server, although this is not intended by the operator such. Therefore, it may be advisable to configure it so that it only responds to requests to specific servers. As an example, this happens with Squid by a rule http_access allow the final rule http_access deny ave

  • Anonymity
  • IT architecture
  • Server
Client (computing) Cache (computing) Access Control List
679979
de