As an online business, you have a lot expected of you. Your website must be consistently fast, secure, and reliable enough to keep visitors coming back. Anything less and you risk looking unprofessional to prospective customers.
There is a wealth of technologies to make the process of building and maintaining a website as hands-off as possible: content management systems to publish your site’s content, full-service hosting providers that give your site a home, and even website builders that can handle almost every aspect of your site.
In this post, we’re going to explore another common method leveraged by businesses to run safe, high-performing websites — it’s called a reverse proxy.
That term might sound a bit cryptic now, but the concept of a reverse proxy and its uses is relatively straightforward if you understand the basics of the internet. By the end of this post, you’ll know the fundamentals of how reverse proxies (and proxy servers in general) work, and whether implementing one is worth it for your business.
What is a proxy server?
Put simply, the internet can be understood as a bunch of devices and programs, called clients, talking to other devices and programs that store websites, called servers. When you visit a website, your web browser (the client) makes a request to the website’s server, and the server returns a response containing all the files needed to display the web page in your browser.
This isn’t the full story, though. Requests and responses can encounter other servers between the client and server machines — these are called proxy servers.
In computer networking, a proxy server, or proxy for short, is a server located between a client and the server that hosts a website (we’ll call this the “origin” server). Proxies process client requests and optimize the network in some way, such as enhancing security, speed, or reliability.
The term “proxy server” usually refers to a type of proxy called a forward proxy. A forward proxy sits in front of one or more client machines, and processes both outgoing requests to and incoming responses from an external network (like the internet). This way, the client never communicates directly with other servers — the forward proxy communicates on behalf of the client.
There are several reasons why a client might want to use a proxy server. One is anonymity: Since the forward proxy acts as your “face” while browsing the internet, any tracking software will have a harder time tracing your activity back to your masked IP address — it will only see that the request originated from your proxy server, not your client machine.
Forward proxies can also impose browsing restrictions. For example, a company or school may block certain websites with a forward proxy by intercepting outgoing requests from the network and filtering out requests to prohibited websites. (Ironically, forward proxies can also help users bypass such restrictions, but that’s a topic for another time.)
Proxy servers may also be used to protect clients from harmful traffic, monitor the activity of client machines, and cache page content for faster browsing. What’s most important, though, is that forward proxies work for the client.
What is a reverse proxy?
A reverse proxy is a type of proxy server positioned in front of one or more origin servers, responsible for processing and forwarding requests from clients. A reverse proxy provides an additional layer of security and performance to optimize a website or web service.
A reverse proxy works by intercepting a request from a client, performing some action on the request, then sending the request on to the appropriate origin server in the network. The origin server’s response then travels back through the reverse proxy, giving the impression to clients that the proxy server handled the request on its own.
If you run a website, you can think of a reverse proxy as the gateway between clients and your site — clients only communicate directly with your reverse proxy server and not your origin servers that house your site’s infrastructure and private data. This system has a number of benefits that we’ll cover soon.
Forward proxies and reverse proxies are similar in function, but they’re not quite the same. The key difference is this: A forward proxy generally works on behalf of the client making requests, while the reverse proxy generally works on behalf of the server receiving requests (hence the “reverse” in the name). A forward proxy prevents direct communication with a client or group of clients, and a reverse proxy prevents direct communication with a server or group of servers.
To implement a reverse proxy, an organization may create one in-house. An increasingly popular alternative, however, is reverse proxies as a service, such as through content delivery networks (CDNs).
Why use a reverse proxy?
Why might a business or organization invest in a reverse proxy for their website when a direct client-server connection could be simpler and cheaper?
The reason is that reverse proxies can improve a website’s speed, security, reliability, and efficiency. Here’s how:
One main benefit to reverse proxies is their ability to conduct load balancing. Load balancing is the process of distributing incoming traffic across multiple servers in a network to avoid depleting any one server’s resources and maintain performance.
If a website receives a million requests per day, one server won’t be able to handle all the traffic alone — multiple origin servers are needed. In load balancing, a proxy server intercepts each incoming client request and forwards it to the best origin server to ensure an even allocation of traffic across all servers.
Origin servers on the network may all host the same content. Alternatively, each server may serve a different purpose. In the latter case, the reverse proxy will be responsible for routing each request to the appropriate server based on the content of the request.
Load balancing also prevents errors in the case of a server failure. If one server stops working or must be shut down, the reverse proxy can offload the extra traffic onto the remaining functional servers, keeping the website live with little to no effect on the client end.
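The selection logic described above (content-based routing, even distribution, and failover when an origin goes down) can be sketched in a few lines. This is an added example, not code from the original post; the class name `OriginPools`, the pool layout, and the 10.0.x.x addresses are constructed for illustration.

```python
class NoHealthyOrigin(Exception):
    """Raised when every origin in the selected pool is marked down."""


class OriginPools:
    """Picks an origin per request: route by path prefix, then round-robin."""

    def __init__(self, pools):
        # pools maps a path prefix to its origins; "/" is the required default.
        if "/" not in pools:
            raise ValueError('a default "/" pool is required')
        self.pools = pools
        self.down = set()
        self._cursor = {prefix: 0 for prefix in pools}

    def mark_down(self, origin):
        # Called when a health check fails or a server is taken out for maintenance.
        self.down.add(origin)

    def mark_up(self, origin):
        self.down.discard(origin)

    def pick(self, path):
        # Content-based routing: the longest matching prefix selects the pool.
        prefix = max((p for p in self.pools if path.startswith(p)), key=len)
        origins = self.pools[prefix]
        # Round-robin, trying each origin at most once and skipping dead ones.
        for _ in range(len(origins)):
            i = self._cursor[prefix]
            self._cursor[prefix] = (i + 1) % len(origins)
            if origins[i] not in self.down:
                return origins[i]
        raise NoHealthyOrigin(prefix)


# Constructed sample topology: an application pool and a static-content pool.
POOLS = {
    "/": ["10.0.0.11:8080", "10.0.0.12:8080", "10.0.0.13:8080"],
    "/static/": ["10.0.1.21:8080", "10.0.1.22:8080"],
}

if __name__ == "__main__":
    lb = OriginPools(POOLS)
    print([lb.pick("/cart") for _ in range(6)])   # spread evenly over three origins
    lb.mark_down("10.0.0.12:8080")                # simulate a server failure
    print([lb.pick("/cart") for _ in range(6)])   # traffic continues on the other two
    print(lb.pick("/static/logo.png"))            # routed to the static pool
```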
Reverse proxy servers can also be a valuable security asset for a website, acting as a barrier to its most important servers.
Your origin servers support your website and likely store sensitive information. By concealing these servers from the public, you greatly reduce the chance of a data breach or injection attack. More specifically, a reverse proxy hides the IP addresses of your origin servers, which makes it much more difficult for hackers to deploy distributed denial-of-service (DDoS) attacks and other targeted attacks on your servers.
Additionally, a reverse proxy may be configured to vet requests headed for your origin servers. You can blacklist certain harmful IP addresses and let your reverse proxy “scrub” them out, and install software on the reverse proxy server to monitor for suspicious activity, log requests and responses, and control any sudden influxes in traffic.
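A minimal sketch of the vetting just described: an IP blocklist, a per-client limit on sudden influxes of traffic, and a log of every decision. This is an added example, not code from the original post; `RequestVetter`, the thresholds, and the sample requests (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque


class RequestVetter:
    """Decides at the proxy whether a request may continue to the origin."""

    def __init__(self, blocklist, max_requests, window_seconds):
        self.blocked = [ipaddress.ip_network(n) for n in blocklist]
        self.max_requests = max_requests
        self.window = window_seconds
        self.recent = defaultdict(deque)  # peer IP -> timestamps of allowed requests
        self.log = []                     # (timestamp, peer IP, path, decision)

    def check(self, peer_ip, path, now):
        # peer_ip must be the TCP peer address the proxy itself observed;
        # a client-supplied header such as X-Forwarded-For can be forged.
        addr = ipaddress.ip_address(peer_ip)
        if any(addr in net for net in self.blocked):
            decision = "deny:blocklist"
        else:
            stamps = self.recent[peer_ip]
            # Drop timestamps that have aged out of the sliding window.
            while stamps and now - stamps[0] >= self.window:
                stamps.popleft()
            if len(stamps) >= self.max_requests:
                decision = "deny:rate"
            else:
                stamps.append(now)
                decision = "allow"
        self.log.append((now, peer_ip, path, decision))
        return decision


# Constructed sample traffic: (seconds, peer IP, path).
SAMPLE = [
    (0, "198.51.100.7", "/"),
    (1, "203.0.113.50", "/login"),  # inside the blocked /24
    (2, "198.51.100.7", "/a"),
    (3, "198.51.100.7", "/b"),
    (4, "198.51.100.7", "/c"),      # fourth request inside a 10-second window
    (11, "198.51.100.7", "/d"),     # oldest request has aged out by now
]


def vet_all(requests):
    vetter = RequestVetter(["203.0.113.0/24"], max_requests=3, window_seconds=10)
    return [vetter.check(ip, path, now) for now, ip, path in requests]


if __name__ == "__main__":
    for request, decision in zip(SAMPLE, vet_all(SAMPLE)):
        print(request, decision)
```

These checks only protect the origin if it accepts connections solely from the proxy; an origin that is still reachable directly bypasses them.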
Website owners can leverage reverse proxies to improve performance as well. You might configure your proxy to compress outgoing files, for example, ensuring they’re delivered to clients more quickly than uncompressed files.
Reverse proxy servers are also capable of caching content and delivering it based on the client’s geographic location. For instance, a CDN may store copies of a website on its globally distributed proxy servers. When a client requests the website, the closest proxy delivers the cached content to them, significantly boosting performance. This method is called global server load balancing (GSLB).
To further improve performance, proxy servers may handle SSL/TLS encryption and decryption of incoming requests and outgoing responses. This process is resource-intensive, so delegating it to the reverse proxy frees up resources on the origin server to handle other things like fetching or constructing web pages from the database.
Finally, a reverse proxy server makes it easier for larger websites spread across multiple origin servers to perform maintenance and upgrades. The reverse proxy serves as a single destination for all traffic coming to a website, no matter how many servers sit behind it. Your local network is abstracted from visitors behind your reverse proxy.
Such a configuration allows IT staff to perform server maintenance and upgrades like deactivating a server, replacing software and/or hardware, or addressing a bug. As far as clients are concerned, your site’s point of access is your reverse proxy server — whatever happens behind it isn’t their concern, as long as your reverse proxy delivers the content they request.
Reverse Proxies: Not as Mysterious as They Sound
Forward and reverse proxies might sound like obscure terms to those unfamiliar with them. Really, if you’re not in IT or network administration, you probably won’t have to work with them directly. Still, whether you work for a business that implements a forward proxy in its network or frequently visit popular websites, you use this technology every day.
Running an online business yourself? Consider whether a reverse proxy service might make sense. If you’re housing particularly sensitive assets on your servers, experiencing increased server loads and slow page load times, or dealing with excessive pesky bot traffic, a proxy server can address all of these issues and more — it might just be worth the extra cost.