A reverse proxy is a server that sits in front of the webserver, intercepts the request, and either respond to the client with a response from its cache or forward the request to the origin server. A reverse proxy is used to protect the web servers from DDoS attacks, distribute load amongst multiple servers, and utilize its cache to serve static contents without sending requests to the origin server. No client will communicate directly with the server, and the server's IP address will not be revealed to the public.
A proxy is differnt than the reverse proxy which is the server sitting in front of the client to hide ip address of the client machine, circumvent Internet censorship or unblock websites. The main difference between the proxy and reverse proxy is what it is protecting (or hiding). A proxy protects the clients, while reverse proxy protects the servers.
With websites being targetted by DDoS via malware and virus, reverse proxies are used to protect web servers by examining the requests to filter out bots and various web attacks. It also implements WAF (Web Application Firewall) to block unwanted traffic to the origin server. Most DDoS mitigation providers such as the Incapsula, CloudFlare, Akamai and F5 offer reverse proxy services.
Some of the benefits of deploying reverse proxy are as follows:
- Protect from DDoS attacks. Placing the origin servers behind a reverse proxy hides IP addresses of the web servers and hence protect them from DDoS.
- Load Balancing - A site with heavy traffic may not be able to handle the requests by a single server. Having a reverse proxy distribute the load amongst multiple servers will improve performance.
- Protect from programmetic attacks such as XSS and SQL Injection.
- Serve static contents from Cache - Reverse proxy keeps the cached contents of the origin server, and will not have to retrieve static contents every time they are requested. By utilizing a cache and also CDN (Content Delivery Network), web servers will have more resources processing dynamic contents and boost performance.
- SSL Encyption - Some reverse proxy also offer SSL encryption between the proxy and the server. By delegating TLS/SSL encryption and decryption to the reverse proxy, the origin servers will have more resoruces for other processing.
Popular websites are often targetted as a DDoS victims, and mitigating such attacks are almost impossible without a reverse proxy. Reverse proxy not only help mitigate various web attacks, but also help with performance improvement by caching, CDN, SSL and Load Balancing.In today's high volatile web trends, deploying a reverse proxy will protect your web property from various attacks and improve security and performance.
Share this post
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.