0X01 Forward Proxy
A forward proxy is a server located between the client and the origin server. To obtain content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy then forwards the request to the origin server and returns the obtained content to the client. The client must be specially configured to use a forward proxy.
A forward proxy is similar to a jump server: external resources are accessed through the proxy.
0X02 Reverse Proxy
A reverse proxy is exactly the opposite: to the client, it appears as the origin server, and the client does not need any special settings. The client sends a normal request for content in the namespace of the reverse proxy, then the reverse proxy determines where to forward the request (to which origin server) and returns the obtained content to the client, as if the content originally belonged to the proxy itself.
In practice, a reverse proxy is a proxy server that accepts connection requests from the internet, forwards them to servers on the internal network, and returns the results obtained from those servers to the clients on the internet that requested the connection. The proxy server then appears to the outside as a single server.
(1) Ensures the security of the internal network; a reverse proxy can provide WAF functionality to prevent web attacks.
Large websites often use reverse proxies as public access addresses, with web servers on the internal network.
(2) Load balancing, optimizing website load through reverse proxy servers.
0X03 Differences
With a forward proxy, the proxy and the client are on the same LAN, transparent to the server;
with a reverse proxy, the proxy and the server are on the same LAN, transparent to the client.
In fact, the proxy performs the same function of sending and receiving requests and responses in both types of proxies, but structurally they are swapped, which is why the former is called forward proxy and the latter is called reverse proxy.
Distinguishing by Purpose:
- Forward Proxy: The purpose of a forward proxy is to provide a way for the local area network behind the firewall to access the internet. It can also use caching features to reduce network usage.
- Reverse Proxy: The purpose of a reverse proxy is to make servers behind the firewall available for internet users to access. It can also perform functions such as load balancing.
From a Security Perspective:
(1) Forward Proxy: Forward proxy allows clients to access any website through it while concealing the client itself, so you must take security measures to ensure that services are provided only to authorized clients.
(2) Reverse Proxy: It is transparent to the outside; visitors do not know they are accessing a proxy. To the visitor, it appears as if they are accessing the origin server.
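The following added example (not code from the original page) shows how the two proxy types treat the same kind of input: the forward proxy reads the target named by the client and serves only authorized clients, while the reverse proxy accepts only normal requests and chooses the internal server itself. The allowed network, backend addresses and function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed policy values (assumptions for illustration, not from the page).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]  # LAN allowed to use the forward proxy
BACKENDS = {"/api/": "10.1.0.20:8080", "/": "10.1.0.10:8080"}  # reverse proxy routing table


def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y'; return None if malformed."""
    parts = line.strip().split(" ")
    return parts if len(parts) == 3 and parts[2].startswith("HTTP/") else None


def forward_proxy_decide(client_ip, request_line):
    """Forward proxy: the client names the target, so authorize the client first."""
    parsed = parse_request_line(request_line)
    if parsed is None:
        return ("reject", None)
    method, target, _ = parsed
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_CLIENTS):
        return ("deny", None)  # serving this client would make it an open proxy
    if method == "CONNECT":
        return ("tunnel", target)  # authority-form target, e.g. host:port
    if target.startswith("http://"):
        return ("forward", urlsplit(target).netloc)  # absolute-form target
    return ("reject", None)  # origin-form request names no target to proxy to


def reverse_proxy_decide(request_line):
    """Reverse proxy: the client sends a normal request; the proxy picks the backend."""
    parsed = parse_request_line(request_line)
    if parsed is None:
        return ("reject", None)
    method, target, _ = parsed
    if method == "CONNECT" or not target.startswith("/"):
        return ("reject", None)  # refuse to act as a forward proxy for outsiders
    for prefix in sorted(BACKENDS, key=len, reverse=True):  # longest prefix wins
        if target.startswith(prefix):
            return ("forward", BACKENDS[prefix])
    return ("reject", None)
```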