Reverse Proxy Server
1. Concept of reverse proxy
The reverse proxy method uses a proxy server to accept connection requests from the Internet, forward them to a server on the internal network, and return the result obtained from that server to the client on the Internet that requested the connection. To the outside, the proxy server appears to be the server.
Generally, a proxy server is only used to proxy connection requests from the internal network to the external Internet. The client must specify the proxy server, and HTTP requests that would otherwise go directly to the Web server are sent to the proxy server instead. Connection requests from the external network to the internal network are not supported, because the internal network is invisible to the external network. When a proxy server can act on behalf of hosts on the external network to access the internal network, this proxy service is called a reverse proxy service. In this case, the proxy server acts as a Web server, and the external network can simply treat it as a standard Web server without any specific configuration. The difference is that this server does not store the real data of any webpage; all static webpages and CGI programs are stored on the internal web servers. Therefore, an attack on the reverse proxy server does not damage the webpage information, which enhances the security of the Web server.
Reverse proxy is commonly referred to as Web server acceleration. It is a technology that reduces the load on the actual Web server by adding a high-speed Web buffer server between the busy Web server and the external network. A reverse proxy provides acceleration for Web servers by acting as a proxy cache. It does not serve browser users; it serves one or more specific Web servers, and it can proxy access requests from external networks to internal networks.
The reverse proxy server forces access from the external network to the proxied server to pass through it. The reverse proxy server is therefore responsible for receiving client requests, obtaining the content from the source server, returning the content to the user, and saving the content locally. When it receives a request for the same information in the future, it sends the content in its local cache directly to the user, which reduces the pressure on the backend web server and improves the response speed.
2. Reverse Proxy Server and Content Server
The proxy server acts as a proxy for the server. If your content server holds sensitive information that must be kept secure, such as a database of credit card numbers, you can place a proxy server outside the firewall as a proxy for the content server. When an external client attempts to access the content server, the request is sent to the proxy server instead. The actual content is on the content server and is protected inside the firewall. The proxy server is located outside the firewall and looks like a content server to the client.
When the client sends a request to the site, the request goes to the proxy server. The proxy server then sends the client's request to the content server through a specific channel in the firewall. The content server returns the result to the proxy server through this channel. The proxy server sends the retrieved information to the client, as if the proxy server were the actual content server. If the content server returns an error message, the proxy server first intercepts the message, changes any URL listed in the header, and then sends the message to the client. This prevents external clients from getting the redirection URL of the internal content server.
In this way, the proxy server provides another barrier between the secure database and possible malicious attacks. Even if an attack succeeds, the attacker is at best limited to accessing the information involved in a single transaction, rather than having access to the entire database. Unauthorized users cannot access the real content server, because the firewall channel only allows the proxy server to access it.
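The header rewriting described above can be sketched as follows. This is an added example, not code from the original article; the internal host name, the public host name and the set of URL-bearing headers are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed names: the internal content server and the public address of the proxy.
INTERNAL_ORIGIN = ("http", "content01.internal.example:8080")
PUBLIC_ORIGIN = ("https", "www.example.com")
URL_HEADERS = {"location", "content-location"}  # response headers whose value is a URL


def rewrite_url(value):
    """Map a URL on the internal content server to the proxy's public address."""
    parts = urlsplit(value)
    if not parts.netloc:
        return value  # relative URL: carries no internal host name
    if parts.netloc.lower() != INTERNAL_ORIGIN[1]:
        return value  # URL on some other site: leave untouched
    return urlunsplit((PUBLIC_ORIGIN[0], PUBLIC_ORIGIN[1],
                       parts.path, parts.query, parts.fragment))


def rewrite_response_headers(headers):
    """Return a copy of the content server's headers that is safe to send out."""
    out = []
    for name, value in headers:
        if name.lower() in URL_HEADERS:
            value = rewrite_url(value)
        out.append((name, value))
    return out


if __name__ == "__main__":
    # Constructed sample: a redirect as the internal content server would emit it.
    origin_headers = [
        ("Location", "http://content01.internal.example:8080/login?next=/cart"),
        ("Content-Type", "text/html"),
    ]
    for name, value in rewrite_response_headers(origin_headers):
        print(f"{name}: {value}")
```

Only headers are handled here; internal host names that appear in a response body or in cookies' Domain attributes need their own handling.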
3. Workflow of Reverse Proxy Server
1) The user sends a request to access the Web server through the domain name. The DNS server resolves the domain name to the IP address of the reverse proxy server;
2) The reverse proxy server accepts the user's request;
3) The reverse proxy server searches for the requested content in its local cache and, if it is found, sends the content directly to the user;
4) If the requested information is not in the local cache, the reverse proxy server requests it from the source server and sends it to the user. If the information is cacheable, it is also saved to the cache.
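The four steps above, as an added example that is not part of the original article. The class name, the TTL, the `demo_origin` stand-in for the internal web server and the rule for what counts as cacheable (GET, status 200, no `Set-Cookie`, no `no-store`/`no-cache`/`private`) are assumptions made for illustration.

```python
import time


class ReverseProxyCache:
    def __init__(self, fetch_origin, ttl=60, clock=time.monotonic):
        self.fetch_origin = fetch_origin  # callable that reaches the source server
        self.ttl = ttl
        self.clock = clock
        self.store = {}  # (host, path) -> (expires_at, response)

    @staticmethod
    def cacheable(method, response):
        status, headers, _body = response
        h = {k.lower(): v.lower() for k, v in headers.items()}
        cc = h.get("cache-control", "")
        # Per-user responses must never be stored and replayed to another client.
        return (method == "GET" and status == 200 and "set-cookie" not in h
                and not any(d in cc for d in ("no-store", "no-cache", "private")))

    def handle(self, method, host, path):
        # Key on the host too: several virtual hosts may share one proxy address.
        key = (host.lower(), path)
        hit = self.store.get(key)
        if method == "GET" and hit and hit[0] > self.clock():
            return "HIT", hit[1]                    # step 3: serve from local cache
        response = self.fetch_origin(method, host, path)   # step 4: ask the source
        if self.cacheable(method, response):
            self.store[key] = (self.clock() + self.ttl, response)
        return "MISS", response


def demo_origin(calls):
    """Constructed stand-in for the internal web server; records each request."""
    pages = {
        "/index.html": (200, {"Cache-Control": "max-age=60"}, b"<h1>home</h1>"),
        "/account": (200, {"Cache-Control": "private"}, b"balance"),
    }

    def fetch(method, host, path):
        calls.append(path)
        return pages.get(path, (404, {}, b"not found"))
    return fetch


if __name__ == "__main__":
    calls = []
    proxy = ReverseProxyCache(demo_origin(calls))
    for path in ("/index.html", "/index.html", "/account", "/account"):
        print(path, proxy.handle("GET", "www.example.com", path)[0])
    print("requests that reached the source server:", calls)
```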
4. Benefits of reverse proxy
1) It solves the problem of external visibility of the website server;
2) It saves limited IP address resources. All websites in the enterprise share one IP address registered on the Internet. The servers are assigned private addresses and provide external services through virtual hosts;
3) It protects the real Web server. The web server is invisible to the outside, while the reverse proxy server is visible on the Internet but holds no real data. This ensures the security of the web server's resources;
4) It accelerates website access and reduces the burden on the Web server. The reverse proxy can cache web pages. If the content a user needs is in the cache, it can be obtained directly from the proxy server, reducing the load on the Web server and accelerating user access.