Reverse proxy

From Wikipedia, the free encyclopedia

Jump to: navigation, search

A reverse proxy or surrogate is a proxy server that is installed within the neighborhood of one or more servers. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.

A reverse proxy dispatches in-bound network traffic to a set of servers, presenting a single interface to the caller. For example, a reverse proxy could be used for load balancing a cluster of web servers. In contrast, a forward proxy acts as a proxy for out-bound traffic. For example, an ISP may use a proxy to forward HTTP traffic from its clients to external web servers on the internet; it may also cache the results to improve performance.

There are several reasons for installing reverse proxy servers:

  • Security: the proxy server may provide an additional layer of defense by separating or masquerading the type of server that is behind the reverse proxy. This configuration may protect the servers further up the chain - mainly through obfuscation.
  • Encryption / SSL acceleration: when secure websites are created, the SSL encryption is sometimes not done by the Web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware.
  • Load distribution: the reverse proxy can distribute the load to several servers, each server serving its own application area. In the case of reverse proxying in the neighborhood of Web servers, the reverse proxy may have to rewrite the URLs in each webpage (translation from externally known URLs to the internal locations).
  • Caching: A reverse proxy can offload the Web servers by caching static content, such as images, as well as dynamic content, such as a HTML-page rendered by a content management system. Proxy caches of this sort can often satisfy a considerable amount of website requests, greatly reducing the load on the central web server; another term is Web accelerator. This technique is also used for the Wikipedia servers.
  • Compression: the proxy server can optimize and compress the content to speed up the load time.
  • Spoon feeding: a dynamically generated page can be produced all at once and served to the reverse-proxy, which can then return it to the client a little bit at a time. The program that generates the page is not forced to remain open and tying up server resources during the possibly extended time the client requires to complete the transfer.

[edit] See also

  • Apache HTTP Server may be extended with mod_proxy to be used as a reverse proxy; a caching proxy server may be configured using the mod_cache module in conjunction with mod_proxy
  • CACHEbox is a high performance HTTP/HTTPS/FTP caching proxy appliance supporting reverse as well as forward deployment modes.
  • Lighttpd can be used as a reverse proxy with load balancing capabilities.
  • Nginx - Web and Reverse proxy server.
  • Novell Access Manager is a commercial security solution which includes a reverse proxy, a policy based access manager and SSL VPN. All components use a LDAP like directory or federation with Liberty and others.
  • Pen is a load balancer for simple TCP-based protocols, such as HTTP or SMTP.
  • Perlbal is a Perl-based reverse proxy load balancer and web server.
  • Pound, a lightweight open source reverse proxy.
  • Sun Java System Web Server includes reverse proxy module with load balancing capabilities.
  • Squid is a proxy server that may be installed in a reverse proxy configuration.
  • Varnish is a open source reverse proxy.
  • WinGate supports reverse-proxying with SSL, authentication, and multiple virtual hosts.
  • Zeus is a product that can function as both a forward and reverse proxy, as well as content load balancer.
Personal tools