Managed File Transfer and Network Solutions
Forward Proxy vs. Reverse Proxy | JSCAPE
Overview: Forward Proxy vs. Reverse Proxy
We've talked about reverse proxy servers and how they can really be good at protecting the servers in your internal
network. Lately, however, we've realized that some people actually think we're talking about forward proxy servers or
that the two are one and the same. They're not. This post should easily spell out the difference between forward proxy
and reverse.
Just to make sure we're starting off on the same foot, the main purpose of a proxy service (which is the kind of service
either of these two provide) is very similar to what a person aims to achieve when he proxies for another person. That is,
to act on behalf of that other person. In our case, the purpose of a proxy server is to act on behalf of another machine -
either a client or another server.
The Forward Proxy
When people talk about a proxy server (often simply known as a "proxy"), more often than not they are referring to a
forward proxy. Let me explain what this particular server does.
A forward proxy provides proxy services to a client or a group of clients. Oftentimes, these clients belong to a common
internal network like the one shown below.
�When one of these clients makes a connection attempt to that file transfer server on the Internet, its requests have to
pass through the forward proxy first.
Depending on the forward proxy's settings, a request can be allowed or denied. If allowed, then the request is forwarded
to the firewall and then to the file transfer server. From the point of view of the file transfer server, it is the proxy server
that issued the request, not the client. So when the server responds, it addresses its response to the proxy.
But then when the forward proxy receives the response, it recognizes it as a response to the request that went through
earlier. And so it in turn sends that response to the client that made the request.
Because proxy servers can keep track of requests, responses, their sources and their destinations, different clients can
send out various requests to different servers through the forward proxy and the proxy will intermediate for all of them.
Again, some requests will be allowed, while some will be denied.
As you can see, the proxy can serve as a single point of access and control, making it easier for you to enforce security
policies. A forward proxy is typically used in tandem with a firewall to enhance an internal network's security by
controlling traffic originating from clients in the internal network that are directed at hosts on the Internet. Thus, from a
security standpoint, a forward proxy is primarily aimed at enforcing security on client computers in your internal
network.
But then client computers aren't always the only ones you find in your internal network. Sometimes, you also have
servers. And when those servers have to provide services to external clients (e.g. field staff who need to access files from
your FTP server), a more appropriate solution would be a reverse proxy.
�The Reverse Proxy
What is a reverse proxy? As its name implies, a reverse proxy does the exact opposite of what a forward proxy does.
While a forward proxy proxies in behalf of clients (or requesting hosts), a reverse proxy proxies in behalf of servers. A
reverse proxy accepts requests from external clients on behalf of servers stationed behind it just like what the figure
below illustrates.
To the client in our example, it is the reverse proxy that is providing file transfer services. The client is oblivious to the
file transfer servers behind the proxy, which are actually providing those services. In effect, whereas a forward proxy
hides the identities of clients, a reverse proxy hides the identities of servers.
An Internet-based attacker would therefore find it considerably more difficult to acquire data found in those file transfer
servers than if he wouldn't have had to deal with a reverse proxy. No wonder reverse proxy servers like JSCAPE MFT
Gateway are very suitable for complying with data-impacting regulations like PCI-DSS.
Just like forward proxy servers, reverse proxies also provide a single point of access and control. You typically set it up
to work alongside one or two firewalls to control traffic and requests directed to your internal servers.
In most cases, reverse proxy servers also act as load balancers for the servers behind it. Load balancers play a crucial role
in providing high availability to network services that receive large volumes of requests. When a reverse proxy performs
load balancing, it distributes incoming requests to a cluster of servers, all providing the same kind of service. So, for
instance, a reverse proxy load balancing FTP services will have a cluster of FTP servers behind it.
Both types of proxy servers relay requests and responses between source and destination machines. But in the case of
reverse proxy servers, client requests that go through them normally originate from the Internet, while, in the case of
forward proxies, client requests normally come from the internal network behind them.
�Setting Up A HTTPS To HTTP Reverse Proxy
Summary
In this post, we talked about the main differences between forward proxy servers and reverse proxy servers. If you want
to protect clients in your internal network, put them behind a forward proxy. On the other hand, if your intention is to
protect servers, put them behind a reverse proxy.
Reverse Proxy
Last Updated: March 27, 2019 Xiao Guo An (Admin)
8 Comments
IT Knowledge
There are mainly two types of proxy servers: forward proxy and reverse proxy. When people talk
about proxy servers, most of the time they mean forward proxy.
Differences Between Forward Proxy and Reverse Proxy
The main difference between the two is that forward proxy is used by the client such as a web
browser whereas reverse proxy is used by the server such as a web server. Forward proxy can
reside in the same internal network as the client, or it can be on the Internet.
Forward Proxy
Forward proxy can be used by the client to bypass firewall restrictions in order to visit websites
that are blocked by school, government, company etc. If a website blocked an IP range from visiting
the website, then a person in that IP range can use forward proxy to hide the real IP of the client so
that person can visit the website and maybe leave some spam comments. However forward proxy
might be detected by the website administrator. There are some paid proxy service that has
numerous proxy systems around the world so that they can change your IP address every time your
visit a new web page and this makes it harder for website administrators to detect.
�Forward proxy was very useful and popular in the 1990s. Before NAT is integrated into network
routers, forward proxy is the way for multiple computers in the same network to access the Internet.
This type of forward proxy usually resides in the internal network.
Forward proxy can also act as a cache server in an internal network. If a resource is download
many times, then the proxy can cache the content on the server so next time when another
computer download the same content, the proxy will send the content that is previously stored on
the server to the computer.
There’re many different kinds of forward proxy such as web proxy, HTTP proxy, SOCKS proxy etc.
Please keep mind that using forward proxy to browse the Internet usually slows down your overall
Internet speed. That depends on the location between your computer and the forward proxy and
how many people are using that forward proxy.
Another thing to be aware of is that there’re many free forward proxies which is built by hackers for
malicious purpose. If you happen to be using one of these proxies, they will log every activity you do
on the Internet. So free in charge is actually very costly.
Reverse Proxy
Reverse proxy is mainly used by server admins to achieve load balancing and high availability. A
website may have several web servers behind the reverse proxy. The reverse proxy server takes
requests from the Internet and forward these requests to one of the web servers. Most visitors don’t
know websites are using reverse proxy because they usually lack the knowledge and tools to detect it
or they simply don’t care about it. Nginx can be acting both a web server and a reverse proxy at the
same time. HAProxy is another well-known open-source reverse proxy software.
�As Node.js become more and more popular in the web development community, web developers
often put the builtin Node.js web server behind another web server like Nginx, so Nginx is the
reverse proxy. One example is the Ghost blog platform.
