Reverse proxy: Difference between revisions

In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though it originated from the reverse proxy itself.^[1] While a forward proxy is usually situated between the client application (such as a web browser) and the server(s) hosting the desired resources, a reverse proxy is usually situated closer to the server(s) and will only return a configured set of resources.

• Reverse proxies can hide the existence and characteristics of the origin server(s).
• Application firewall features can protect against common web-based attacks. Without a reverse proxy, removing malware or initiating takedowns, for example, can become difficult.
• In the case of secure websites, the SSL encryption is sometimes not performed by the web server itself, but is instead offloaded to a reverse proxy that may be equipped with SSL acceleration hardware.
• A reverse proxy can distribute the load from incoming requests to several servers, with each server serving its own application area. In the case of reverse proxying in the neighborhood of web servers, the reverse proxy may have to rewrite the URL in each incoming request in order to match the relevant internal location of the requested resource.
• A reverse proxy can reduce load on its origin servers by caching static content, as well as dynamic content. Proxy caches of this sort can often satisfy a considerable amount of website requests, greatly reducing the load on the origin server(s). Another term for this is web accelerator.
• A reverse proxy can optimize content by compressing it in order to speed up loading times.
• In a technique known as "spoon feeding",^[2] a dynamically generated page can be produced all at once and served to the reverse-proxy, which can then return it to the client a little bit at a time. The program that generates the page is not forced to remain open and tying up server resources during the possibly extended time the client requires to complete the transfer.
• Reverse proxies can be used whenever multiple web servers must be accessible via a single public IP address. The web servers listen on different ports in the same machine, with the same local IP address or, possibly, on different machines and different local IP addresses altogether. The reverse proxy analyses each incoming call and delivers it to the right server within the local area network.

• aiCache is a commercial reverse proxy and a caching reverse proxy.
• Airlock, a Web Application Firewall developed and marketed by Switzerland's Ergon Informatik AG. It offers SSL termination, upstream authentication, blacklist and white-list filtering as well as load balancing capabilities.
• Apache HTTP Server may be extended with mod_proxy to be used as a reverse proxy; a caching reverse proxy server may be configured using the mod_cache module in conjunction with mod_proxy.^[3]
• Apache Traffic Server, an open source, high-performance routing and caching server.
• ApplianSys CACHEbox is a high-performance HTTP/HTTPS/FTP caching proxy appliance supporting reverse- as well as forward deployment modes.
• Arahe SiteCelerate is a commercial high performance reverse proxy with caching and compression. It offers image and text compression.
• Armorlogic Profense, an advanced reverse proxy (with web application firewall module) and content load balancer.
• Blue Coat Systems ProxySG, a forward proxy that can also be used as a reverse proxy.
• F5 Networks BIG-IP can be used as a reverse proxy with load balancing capabilities and has an optional application security module (ASM) to protect against attacks.
• Cherokee can be used as a reverse proxy as well as a web server and load balancer.
• GoAnywhere Gateway, an enhanced reverse proxy that allows FTP, FTPS, SFTP and HTTP services without exposing sensitive files in the DMZ or opening incoming ports into the internal network.
• Internet Information Services 7.0 with URL Rewrite v2 and Application Request Routing can act as a reverse proxy.^[4]
• Lighttpd can be used as a reverse proxy with load balancing capabilities.
• LiteSpeed Web Server can be used as a transparent reverse proxy server running in front of any web server or application server that supports the HTTP protocol.
• McAfee Web Gateway is a product that can act as a reverse proxy. It also provides SSL decryption, caching, anti-virus, anti-spam and other threat detection features.
• Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as Microsoft Internet Security and Acceleration Server (ISA Server), is a commercial proxy, firewall and caching solution by Microsoft.
• Netscaler ADC (Citrix Systems), A hardware and software solution providing advanced application and service delivery. Netscaler is a reverse-proxy with high-speed load balancing and content switching, data compression, content caching, SSL acceleration, network optimization, application visibility and application security on a single platform.Citrix Netscaler ADC
• Nginx is a web- and reverse proxy server.
• Novell Access Manager is a commercial security solution which includes a reverse proxy, a policy-based access manager, and SSL VPN. All components use an LDAP-like directory or federation with Liberty and others.
• Perlbal is a Perl-based reverse proxy load balancer and web server.
• PortFusion is an open-source, tiny, multi-protocol, distributed reverse proxy for all types of TCP-based traffic developed at the University of Heidelberg for remote administration and web service routing. Its focus is on maximum throughput, small binary and source code size and easy configuration from the command line.
• Pound is a lightweight, open source reverse proxy.
• Secure Entry Server, a Reverse Proxy developed and marketed by Switzerland's United Security Providers AG. It offers SSL termination, filtering, quality of application, integration engine as well as secure login service with a wide range of authentication protocols.
• Squid is a proxy server that may be installed in a reverse proxy configuration.
• Stunnel can be used as a local SSL reverse proxy.
• Sun Java System Web Server includes a reverse proxy module with load-balancing capabilities.
• Tinyproxy is a minimalistic HTTP proxy which can be configured to work as a reverse proxy.
• Tivoli Access Manager for eBusiness, WebSEAL is one of IBM's security products with WebSEAL being the reverse proxy.
• Varnish Cache is a performance-focused, open source reverse proxy. It has a policy configuration language to allow for extension. It features ESI, SaintMode, DNS director, built-in Load Balancing and native support for Varnish Modules written in C.
• WinGate supports reverse-proxying with SSL, authentication, and multiple virtual hosts.
• Zeus is a product that can function as both a forward and reverse proxy, as well as content load balancer.