A reverse proxy, on the other hand, routes traffic on behalf of multiple servers. A reverse proxy effectively serves as a gateway between clients, users, and application servers. It handles all the access policy management and traffic routing, and it protects the identity of the server that actually processes the request.
By routing client traffic through a reverse proxy, admins can simplify security administration. They can configure backend servers to accept traffic only from the proxy and then define granular access control rules on the proxy itself. All existing servers behind the proxy are protected accordingly, and whenever admins add a new backend server that is configured to accept requests only from the proxy server, it is protected according to the proxy configuration as well.
Using a reverse proxy can also allow administrators to easily swap backend servers in and out without disrupting traffic.
Because clients interact directly with the proxy, they only need to know its host name and don't need to worry about changes to the backend network topology. In addition to simplifying client configuration, an admin can configure a reverse proxy to load-balance traffic so that requests can be more evenly distributed to the backend servers and improve overall performance.
When onboarding a new user to a network, administrators must configure access control and firewalls to ensure the user can access the appropriate resources. Traditionally, an admin has to configure each server for which users need access. In a large organization with many servers, this can be a time-consuming and error-prone process. However, with a reverse proxy, administrators can configure the access rights directly on the proxy server and have the user route all traffic through it.
As such, the backend servers only need to trust and communicate with the proxy directly. This greatly simplifies the configuration process and helps ensure access is granted and revoked correctly by doing so through a single source.
While a reverse proxy can greatly simplify the process of managing access to a network, setting it up and configuring it properly can get complicated. It requires provisioning the host with appropriate specifications, configuring the operating system and firewall, deciding which proxy software to use (such as NGINX or HAProxy), enumerating and configuring the downstream servers in the proxy configuration files, setting up audit logging, and configuring the firewalls on all the downstream servers.
An administrator will need to optimize the proxy software to adjust for performance and availability requirements. For example, when a downstream server fails, the admin should configure the proxy server to quickly reroute traffic to avoid downtime. At scale, the out-of-the-box configurations are rarely sufficient, so testing becomes important. Given all the steps involved in implementing, testing, and optimizing a reverse proxy, you may choose to buy software that can provide this functionality without all the custom work.
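The setup described above, as an added NGINX example that is not from the original article: access rules and audit logging live on the proxy, requests are load-balanced, and a failed downstream server is skipped. Host names, addresses, and file paths are assumptions, and the backends are assumed to be firewalled so that port 8080 accepts connections only from the proxy host.

```nginx
# Added example. All names, addresses and paths are assumptions.
# Include from the http context, e.g. as /etc/nginx/conf.d/app.conf.

# Audit log line: who asked for what, and which backend answered.
log_format audit '$remote_addr $remote_user [$time_local] "$request" '
                 '$status upstream=$upstream_addr';

upstream app_backend {
    least_conn;                        # pick the server with the fewest active connections
    # Passive health check: 2 failures within 10s mark a server down for 10s.
    server 10.0.10.11:8080 max_fails=2 fail_timeout=10s;
    server 10.0.10.12:8080 max_fails=2 fail_timeout=10s;
    server 10.0.10.13:8080 backup;     # receives traffic only when the others are down
}

server {
    listen 443 ssl;
    server_name app.example.com;       # the only host name clients need to know

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;

    access_log /var/log/nginx/app_audit.log audit;

    # Settings inherited by every location below.
    proxy_connect_timeout 2s;          # give up on a dead backend quickly
    proxy_next_upstream error timeout http_502 http_503;
    proxy_next_upstream_tries 2;       # retry once on another server, then fail
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://app_backend;
    }

    # Access policy is defined once here instead of on every backend.
    location /admin/ {
        allow 203.0.113.0/24;          # assumed admin network
        deny  all;
        proxy_pass http://app_backend;
    }
}
```

Adding or retiring a backend is a one-line change in the `upstream` block followed by `nginx -s reload`; clients keep using the same host name.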
Access management software can provide all of this functionality while also managing the ongoing maintenance and user management. In addition to providing standard reverse proxy capabilities, access management software affords a number of unique benefits.
As its name implies, a reverse proxy does the exact opposite of what a forward proxy does. While a forward proxy proxies on behalf of clients (or requesting hosts), a reverse proxy proxies on behalf of servers. A reverse proxy accepts requests from external clients on behalf of servers stationed behind it as shown below. In our example, it is the reverse proxy that is providing file transfer services.
The client is oblivious to the file transfer servers behind the proxy, which are actually providing those services. In effect, where a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers. An Internet-based attacker would find it considerably more difficult to acquire data found in those file transfer servers than if he didn't have to deal with a reverse proxy.
Just like forward proxy servers, reverse proxies also provide a single point of access and control. You typically set it up to work alongside one or two firewalls to control traffic and requests directed to your internal servers. In most cases, reverse proxy servers also act as load balancers for the servers behind them. Load balancers play a crucial role in providing high availability to network services that receive large volumes of requests.
When a reverse proxy performs load balancing, it distributes incoming requests to a cluster of servers, all providing the same kind of service. So, for instance, a reverse proxy load balancing FTP services will have a cluster of FTP servers behind it, and will manage server load to prevent bottlenecks and delays. Both types of proxy servers relay requests and responses between clients and destination machines. In this post, we talked about the main differences between forward proxy servers and reverse proxy servers.
If you want to protect clients in your internal network, put them behind a forward proxy. On the other hand, if your intention is to protect servers, put them behind a reverse proxy. This helps simplify your file transfer environment by enabling you to consolidate and manage all file transfers and trading partners from a single location.