Overview

We've talked about reverse proxy servers and how they can really be good at protecting the servers in your internal network. Lately, however, we've realized that some people actually think we're talking about forward proxy servers or that the two are one and the same. They're not. This post should easily spell out the differences between the two.

Just to make sure we're starting off on the same foot, the main purpose of a proxy service (which is the kind of service either of these two provide) is very similar to what a person aims to achieve when he proxies for another person. That is, to act on behalf of that other person. In our case, a proxy server acts on behalf of another machine - either a client or another server.

The Forward Proxy

When people talk about a proxy server (often simply known as a "proxy"), more often than not they are referring to a forward proxy. Let me explain what this particular server does.

A forward proxy provides proxy services to a client or a group of clients. Oftentimes, these clients belong to a common internal network like the one shown below.

When one of these clients makes a connection attempt to that file transfer server on the Internet, its requests have to pass through the forward proxy first.

Depending on the forward proxy's settings, a request can be allowed or denied. If allowed, then the request is forwarded to the firewall and then to the file transfer server. From the point of view of the file transfer server, it is the proxy server that issued the request, not the client. So when the server responds, it addresses its response to the proxy.

But then when the forward proxy receives the response, it recognizes it as a response to the request that went through earlier. And so it in turn sends that response to the client that made the request.

Because proxy servers can keep track of requests, responses, their sources and their destinations, different clients can send out various requests to different servers through the forward proxy and the proxy will intermediate for all of them. Again, some requests will be allowed, while some will be denied.

As you can see, the proxy can serve as a single point of access and control, making it easier for you to enforce security policies. A forward proxy is typically used in tandem with a firewall to enhance an internal network's security by controlling traffic originating from clients in the internal network that are directed at hosts on the Internet. Thus, from a security standpoint, a forward proxy is primarily aimed at enforcing security on client computers in your internal network.

But then client computers aren't always the only ones you find in your internal network. Sometimes, you also have servers. And when those servers have to provide services to external clients (e.g. field staff who need to access files from your FTP server), a more appropriate solution would be a reverse proxy.

The Reverse Proxy

As its name implies, a reverse proxy does the exact opposite of what a forward proxy does. While a forward proxy proxies in behalf of clients (or requesting hosts), a reverse proxy proxies in behalf of servers. A reverse proxy accepts requests from external clients on behalf of servers stationed behind it just like what the figure below illustrates.

To the client in our example, it is the reverse proxy that is providing file transfer services. The client is oblivious to the file transfer servers behind the proxy, which are actually providing those services. In effect, whereas a forward proxy hides the identities of clients, a reverse proxy hides the identities of servers.

An Internet-based attacker would therefore find it considerably more difficult to acquire data found in those file transfer servers than if he wouldn't have had to deal with a reverse proxy. No wonder reverse proxy servers like JSCAPE MFT Gateway are very suitable for complying with data-impacting regulations like PCI-DSS.

Just like forward proxy servers, reverse proxies also provide a single point of access and control. You typically set it up to work alongside one or two firewalls to control traffic and requests directed to your internal servers.

In most cases, reverse proxy servers also act as load balancers for the servers behind it. Load balancers play a crucial role in providing high availability to network services that receive large volumes of requests. When a reverse proxy performs load balancing, it distributes incoming requests to a cluster of servers, all providing the same kind of service. So, for instance, a reverse proxy load balancing FTP services will have a cluster of FTP servers behind it.

Both types of proxy servers relay requests and responses between source and destination machines. But in the case of reverse proxy servers, client requests that go through them normally originate from the Internet, while, in the case of forward proxies, client requests normally come from the internal network behind them.

Forward Proxy vs Reverse Proxy的更多相关文章

  1. reverse proxy and forward proxy

    1 什么是forward proxy 一句话,client的proxy就是forward proxy. 2 什么是reverse proxy 一句话,server的proxy就是reverse pro ...

  2. 正向代理 forward proxy、反向代理 reverse proxy、透明代理 transparent proxy

    https://zh.wikipedia.org/wiki/反向代理 反向代理在计算机网络中是代理服务器的一种.服务器根据客户端的请求,从其关系的一组或多组后端服务器(如Web服务器)上获取资源,然后 ...

  3. Differences Between 3 Types Of Proxy Servers: Normal, Transparent And Reverse Proxy

    What is a Proxy Server? A Proxy server is an intermediary machine, between a client and the actual s ...

  4. 正向代理 forward proxy、反向代理 reverse proxy、透明代理 transparent proxy nginx反向代理原理和配置讲解 防止外部客户机获取内部内容服务器的重定向 URL 缓存命中

    [大型网站技术实践]初级篇:借助Nginx搭建反向代理服务器 - Edison Chou - 博客园http://www.cnblogs.com/edisonchou/p/4126742.html 图 ...

  5. Forward Proxy & Reverse Proxy | 正向代理 和 反向代理

    对请求和响应内容不做修改的转发的服务器,被称为代理服务器.代理服务器分为两种类型:正向代理 和 反向代理. 正向代理:面向互联网,从更广范围获取信息的代理. 反向代理:面向内部,一般用于某企业的网站的 ...

  6. 反向代理Reverse proxy

    https://www.zhihu.com/question/24723688/answer/160252724 反向代理在计算机世界里,由于单个服务器的处理客户端(用户)请求能力有一个极限,当用户的 ...

  7. Master Nginx(5) - Reverse Proxy Advanced Topics

    Security through separtion Encrypting traffic with SSL Authenticating clients using SSL Blocking tra ...

  8. 反向代理(Reverse Proxy)

    反向代理(Reverse Proxy)方式是指以代理服务器来接受internet上的连接请求,然后将请求转发给内部网络上的服务器,并将从服务器上得到的结果返回给internet上请求连接的客户端,此时 ...

  9. Nginx应用-Location路由反向代理及重写策略 请求转发-URL匹配规则 NGINX Reverse Proxy

    NGINX Docs | NGINX Reverse Proxy https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ ...

随机推荐

  1. 【BZOJ】1026: [SCOI2009]windy数(数位dp)

    http://www.lydsy.com/JudgeOnline/problem.php?id=1026 我果然很弱啊... 考虑数位dp.枚举每一位,然后限制下一位即可. 一定要注意啊!在dfs的时 ...

  2. 【BZOJ】1665: [Usaco2006 Open]The Climbing Wall 攀岩(spfa)

    http://www.lydsy.com/JudgeOnline/problem.php?id=1665 这题只要注意到“所有的落脚点至少相距300”就可以大胆的暴力了. 对于每个点,我们枚举比他的x ...

  3. 使用Using的注意事项

    参数传递 C#中有四种参数类型:值类型,Ref参数,Out参数,params参数.默认参数都是以传值方式传递,这意味着方法中的变量会在内存中被分配新的存储空间,并赋值.对于引用类型,这种传值意味着传递 ...

  4. 项目文件不完整。缺少预期导入,DotnetCore如何切换SDK版本

    1. 项目文件不完整.缺少预期导入 如图: 2. 出现原因: SDK版本与项目所需的SDK版本不一致. 3. 解决问题: 3.1 项目所需的SDK版本如何确定? a. 检查.sln文件所在目录是否有: ...

  5. Sublime Text 加入右键菜单

    Sublime Text 2 是现在很受大家欢迎的编辑器了,不仅是在web前端,在书定简单的php.Js等代码时,也是相当的好用,再配合多种的插件和新颖的界面,更是让人欲罢不能. 在使用时,我们通过喜 ...

  6. (转)ThreadLocal

    转自:http://blog.csdn.net/lufeng20/article/details/24314381 Thread同步机制的比较 ThreadLocal和线程同步机制相比有什么优势呢?T ...

  7. AderTemplate

    http://www.cnblogs.com/kwklover/archive/2007/07/12/815509.html 概述 AderTemplate是一个小型的模板引擎.无论是拿来直接使用还是 ...

  8. hdu 4055(经典问题)

    总是不能正确的将一个大问题变成子问题,而且又找不到状态转移方程. 直接导致这题想了5个小时最后还是无果... 谨记! Number String Time Limit: 10000/5000 MS ( ...

  9. float元素一定要闭合

    float:left; float:right; 一定要两个元素一起放float

  10. JAVA三框架工作原理是什么?

    一.struts的工作原理: 1.初始化,读取struts-config.xml.web.xml等配置文件(所有配置文件的初始化) 2.发送HTTP请求,客户端发送以.do结尾的请求 3.填充Form ...