The most common use case is a corporate internal web server that is hidden from the internet, alongside an external-facing web server that is accessible from the internet. If the internal web server needs to serve content to the external web server, this can be accomplished via a reverse proxy. Essentially, you are providing a front for the internal web server with a friendly URL, potentially hiding internal URLs and ports.

As an example, suppose your internal web server is http://10.3.2.43:8000. This internal server can be made available via a public URL such as http://admin.mywebsite.com/. This custom (vanity) URL can be made public or it can be internally visible as well.

So reverse proxies are used to ‘conceal’ your internal server farm. In addition to concealment, reverse proxies can provide ‘intrusion protection’ against attacks such as DDoS.

In addition to providing privacy (concealment) and security (DDoS protection), reverse proxies can be utilized for a variety of other application-specific tasks:

  • HTTP Compression – Compressing server responses before returning them to the client (for instance, with gzip) reduces the amount of bandwidth they require, which speeds their transit over the network.
  • SSL assistance – Encrypting the traffic between clients and servers protects it as it crosses a public network like the Internet. Decryption and encryption can be computationally expensive. By decrypting incoming requests and encrypting server responses, the reverse proxy frees up resources on backend servers which they can then devote to their main purpose, serving content.
  • HTTP Caching – Before returning the backend server’s response to the client, the reverse proxy stores a copy of it locally. When the client (or any client) makes the same request, the reverse proxy can provide the response itself from the cache instead of forwarding the request to the backend server. This both decreases response time to the client and reduces the load on the backend server.

Firewalls versus Reverse Proxies

For a lot of URL rewriting and redirection, a firewall can essentially serve the same purpose as a reverse proxy.

Reverse Proxy in the Cloud (AWS)

While load balancers are easy to provision in AWS (or Azure), reverse proxies are slightly different beasts. Essentially, you need an EC2 instance with either IIS or Apache to serve as your reverse proxy. If you want to avoid using a full-blown web server for a proxy, you can use a product like NGINX – https://www.nginx.com/

  • Create an EC2 NGINX instance.
  • Set up a public IP.
  • Configure the reverse proxy (nginx.conf file) on NGINX for your concealed website, as shown below.

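# The events block is required, even when empty.
events {}

http {
  server {
    # Public side: answer on port 80 for the public host name.
    listen 80 default_server;
    server_name www.example.com;

    # Forward every request to the concealed website.
    location / {
      proxy_pass http://example.iana.org;
    }
  }
}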
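
The minimal configuration above, extended with the three tasks listed earlier (SSL termination, HTTP compression, response caching) and pointed at the post's example internal server http://10.3.2.43:8000 behind admin.mywebsite.com. This is an added example, not configuration from the original post; the certificate paths, the cache path and the zone name app_cache are assumptions.

```nginx
events {}

http {
  server_tokens off;                      # do not advertise the NGINX version

  # Response cache on local disk (path and zone name are assumptions).
  proxy_cache_path /var/cache/nginx/proxy levels=1:2 keys_zone=app_cache:10m
                   max_size=1g inactive=60m;

  # HTTP compression. text/html is always compressed once gzip is on;
  # gzip_types adds further types. Compressing pages that mix secrets with
  # request-derived text over TLS is the precondition for BREACH.
  gzip on;
  gzip_types text/css application/javascript application/json;
  gzip_min_length 1024;

  # Plain HTTP only redirects to HTTPS.
  server {
    listen 80;
    server_name admin.mywebsite.com;
    return 301 https://$host$request_uri;
  }

  # TLS terminates here; the backend sees plain HTTP from the proxy.
  server {
    listen 443 ssl;
    server_name admin.mywebsite.com;

    ssl_certificate     /etc/nginx/tls/admin.mywebsite.com.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/admin.mywebsite.com.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
      proxy_pass http://10.3.2.43:8000;   # internal server from the post
      # Pass the original host and client address to the backend.
      proxy_set_header Host              $host;
      proxy_set_header X-Real-IP         $remote_addr;
      proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      # Cache successful responses, but never for requests that carry
      # credentials, so one user's page is not served to another.
      proxy_cache        app_cache;
      proxy_cache_valid  200 10m;
      proxy_no_cache     $http_authorization $http_cookie;
      proxy_cache_bypass $http_authorization $http_cookie;
    }
  }
}
```

The concealment only holds if the internal server refuses direct connections, so restrict its security group or firewall to accept port 8000 from the proxy instance alone.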

Summary

Reverse proxies are typically used in conjunction with load balancers to hide (conceal) the underlying, internal server farm. However, given that these proxies are usually full-blown web servers, they can be utilized for a host of other functions, such as data compression, encryption/decryption and response caching.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.