On the understanding of forward proxy and reverse proxy

These days just in contact with Nginx, involving reverse proxy, before this piece a bit vague, and then through the powerful Internet evil to fill this knowledge, special finishing the relevant notes to enhance memory!

• Forward Agent (normal proxy)

This is what we typically call a proxy server, only for proxy internal network connection requests to the Internet, the client must specify a proxy server, and send HTTP requests that would otherwise be sent directly to the Web server to the proxy server. The proxy server interacts with the Web server and returns the final acquired data to the client through proxy.

This is like we now visit Google, the mainland is not able to access Google's search service, but we buy an agent through a treasure, it can be accessed through it, this access process can be seen as a forward proxy.

From a security standpoint, the forward proxy is a server between the client and the original server (Origin server), and the original server does not know that the user is actually accessing it because the proxy server interacts with the original server instead of the user, so the proxy server is controlled by a malicious user and is " The risk of attacking the original server.

• Reverse proxy (Reverse proxies)

This approach, in fact, is the opposite of the forward proxy, which is to accept the connection request on the Internet as a proxy server, then forward the request to the server on the internal network and return the results from the server to the client requesting the connection on the Internet. At this point the proxy server is represented as a server externally.

When a proxy server is able to proxy hosts on an external network, this proxy service is called a reverse proxy service when it accesses the internal network.

From a security point of view, when the modern server through the reverse proxy service, when its external performance as a Web server, the external network can simply treat it as a standard Web server without the need for a specific configuration. The difference is that the server does not save the real data of any Web page, all static Web pages or CGI programs are stored on the internal Web server. Therefore, the attack on the reverse proxy server does not cause the Web page information to be destroyed, which enhances the security of the Web server.

• The difference between the two:

the reverse proxy mode and the forward proxy approach do not create conflicts, so you can use both methods in your firewall device. Where the reverse proxy is used for external network access to the internal network, the forward proxy method is used to deny other external access and provide internal network access to the external network.

• Caching (Cache)

This can be seen as the same point of the two, the reverse proxy server and the same as the forward proxy server has the role of the cache, it can cache the resources of the original resource server, not every time to the original resource server to request data, especially some static data, compared to slices and files, If these reverse proxy servers can be and users from the same network, then the user access to the reverse proxy server, you will get very high-quality speed, which is the core of CDN technology, and in the internal network cluster-based proxy server, is to provide we often say load balance.

This article is from "Tornado" blog, please make sure to keep this source http://ruilong.blog.51cto.com/4043170/1793792

On the understanding of forward proxy and reverse proxy