I know what a proxy is, but I'm not sure what a reverse proxy is. It seems to me that it's probably akin to a load balancer. Is that correct?
I know what a proxy is, but I'm not sure what a reverse proxy is. It seems to me that it's probably akin to a load balancer. Is that correct?
A reverse proxy, also known as an "inbound" proxy is a server that receives requests from the Internet and forwards (proxies) them to a small set of servers, usually located on an internal network and not directly accessible from outside. It's "reverse", because a traditional ("outbound") proxy receives requests from a small set of clients on an internal network and forwards them to the Internet.
A reverse proxy can be used to allow authenticated users access to an intranet even when they are located outside. Users on the internal network can access intranet servers directly (their IP address is their authentication), but users outside it must authenticate themselves to the proxy server (usually with a username and password) in order to be allowed in.
Yes correct, a reverse proxy is very often used for load balancing. A reverse proxy presents a single interface for multiples servers and distributes requests between those servers. Its most common uses are load balancing and caching.
A reverse proxy can be used to provide security for internal resources. Two common ones are Microsoft ISA server, and Apache with mod_proxy.
As an example, if you have a Microsoft Exchange server in your internal LAN, but want to give access to internet users for Outlook Web Access (OWA), you could place your server in the DMZ (NOT RECOMMENDED), or open ports in the firewall to your internal network. With a reverse proxy, you would put the reverse proxy in your DMZ, and all OWA requests are directed to the reverse proxy. It then takes that request and forwards it to the Exchange server, acting as a middle-man.
With Apache mod_proxy and named virtual hosts, you can reverse proxy for multiple sites with a single IP address, depending on whether SSL is involved.
This way your servers and data are protected, while still allowing secure access.
Reverse Proxies will also often be used for caching expensive-to-compute resources; this lets you generate a given page one time per minute (for instance) instead of once per request. For high-traffic sites, this can be an important benefit, particularly for the home page; many sites see 70% of their traffic go to the home page and no further. A caching reverse proxy can serve up a static version of this page transparently to the end user without the need for an application rewrite.
A proxy is (essentially) an intermediate for a transaction or request. Standard network usage of "proxy" is for an intermediate which protects the identity/location/etc. of the request creator. A "reverse proxy" is an intermediate which protects the request target. A "transparent proxy" does not protect either side.
Other technology (such as load balancing, packet filtering, caching, etc.) can be combined with proxy technology to (as noted by others) dramatically improve security and performance.
A reverse proxy is so called because it acts as a proxy for incoming requests from outside the LAN. A normal proxy (e.g. Squid or MS ISA) acts as a proxy for outgoing requests from within the LAN.
Normally you would use a reverse proxy for load balancing or security. In the former case it accepts incoming requests (this is a relatively lightweight process) and forwards the requests to one or more web servers which do the actual work. In the latter case it can be used to filter requests from unauthorised sources.