Forward Proxy vs Reverse Proxy

In the previous two blog posts, we discussed forward and reverse proxies. In this post, we will look at a real example and see how we differentiate between the two. The word proxy describes someone acting on behalf of someone else. In the world of computers, we are talking about one machine acting on behalf of another machine. Students do this in real life because they don’t want to attend all the classes, but they want the attendance. Well, machines don’t want to attend all the classes either! So let’s go ahead and see what those differences are and how we can understand them.

Forward proxy

Most of the discussion about web proxies refers to the type of proxy known as a “forward proxy”. The proxy event in this case is that the forward proxy retrieves data from another web site on behalf of the machine that originally made the request. Let’s consider an example with 3 computers:

X = Your computer. This is called the “client” computer on the internet.
Y = The proxy website, proxy.mysite.org
Z = The website you actually want to visit, http://www.mysite.com

If you didn’t have the forward proxy, you would just connect directly from X to Z. However, with a forward proxy in place, X connects to Y, and Y connects to Z on behalf of X. The chain is: X –> Y –> Z.

X would want to use a forward proxy server when X is unable to access Z directly. This can happen when someone with administrative authority over X’s internet connection has decided to block all access to site Z, or when the administrator of Z has blocked X.

Reasons for a forward proxy server

A few real-life use cases are given below:

  • Let’s say there is a malicious virus spreading by tricking people into visiting freetickets2014.com. So the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.
  • Employees at a large company have been wasting too much time on social networks or video streaming sites. So the management wants to block these sites during business hours.
  • A local elementary school disallows internet access to adult websites.
  • A government is unable to control the publishing of news, so it controls access to news instead, by blocking sites such as Wikipedia, Twitter, etc.
  • The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X’s IP address.
  • Z is a forum web site. X is spamming the forum. Z blocks X.

Reverse proxy

Let’s consider the following three computers:

X = Your computer. This is called the “client” computer on the internet.
Y = The reverse proxy web site, proxy.example.com
Z = The web site you want to visit, http://www.example.net

Normally, one would connect directly from X to Z. However, in some cases, it is better for the administrator of Z to restrict or disallow direct access, and force visitors to go through Y first. So, as before, we have data being retrieved by Y –> Z on behalf of X, which chains as follows: X –> Y –> Z.

What is different this time compared to a forward proxy? Well, this time the user X does not know that he is accessing Y. A reverse proxy is typically less visible than a “forward proxy”, and requires no configuration or special knowledge by the client, X. The client X probably thinks he is visiting Z directly (X –> Z), but the reality is that Y is the invisible go-between (X –> Y –> Z again).
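The difference shows up in the bytes X sends to Y. The following is an added example, not code from the original post: it parses two constructed HTTP/1.1 requests and works out where each kind of proxy would send them. The function names and the backend address 10.0.0.5:8080 are assumptions, and CONNECT tunnelling is not handled.

```python
from urllib.parse import urlsplit

# Constructed sample requests using the article's host names.
# X is configured to use forward proxy Y: the request line carries the full URL.
VIA_FORWARD = b"GET http://www.mysite.com/news?id=7 HTTP/1.1\r\nHost: www.mysite.com\r\n\r\n"
# X is unaware of reverse proxy Y: an ordinary request; only Host names the site.
VIA_REVERSE = b"GET /news?id=7 HTTP/1.1\r\nHost: www.example.net\r\n\r\n"

# Hypothetical table maintained by Z's administrator on the reverse proxy.
BACKENDS = {"www.example.net": ("10.0.0.5", 8080)}

def parse(raw):
    """Return (method, target, version, headers) from a raw HTTP/1.1 request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers

def named_site(target, headers):
    """Return (is_absolute, url); an absolute-form target takes precedence over Host."""
    if target.startswith("/"):
        return False, urlsplit("http://" + headers.get("host", "") + target)
    return True, urlsplit(target)

def origin_form(url):
    """Path and query only, which is what the next hop receives."""
    return (url.path or "/") + ("?" + url.query if url.query else "")

def forward_upstream(raw):
    """Forward proxy: the client names the destination; Y connects to it."""
    method, target, version, headers = parse(raw)
    absolute, url = named_site(target, headers)
    if not absolute or url.scheme != "http" or not url.hostname:
        raise ValueError("not addressed to a forward proxy")
    return (url.hostname, url.port or 80), f"{method} {origin_form(url)} {version}"

def reverse_upstream(raw, backends=BACKENDS):
    """Reverse proxy: the operator's table, not the client, picks the destination."""
    method, target, version, headers = parse(raw)
    _, url = named_site(target, headers)
    if url.hostname not in backends:
        raise ValueError(f"site {url.hostname!r} is not served here")
    return backends[url.hostname], f"{method} {origin_form(url)} {version}"
```

Because the reverse proxy only forwards to hosts in its own table, a request naming any other site is rejected instead of being relayed.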

Reasons for a reverse proxy server

We need a reverse proxy if Z wants to force all traffic to its web site to pass through Y first. Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers, and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works. Examples include Apple Trailers using Akamai, jQuery.com hosting its JavaScript files using CloudFront CDN, etc.

We would also need a reverse proxy when the administrator of Z is worried about retaliation for content hosted on the server, and does not want to expose the main server directly to the public. Owners of spam brands appear to have thousands of servers. But in reality, most websites are hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server. In the above scenarios, Z has the ability to choose Y.
