What is a forward proxy? What is a reverse proxy?

A friend of yours asked this question today.

Talk for a long, do not understand. At that time, I gave an example: all the computers in our company internal domain to go to the external network, is to go through a computer, he can control we can not mess up some sites, so that we can not go to work on some entertainment, video site, this server is a common agent, that is, the forward proxy. (The famous gfw!!! ）

The client wants to visit our company's website, all requests have to be placed on the most front-end of a machine, then he decided to really deal with the request of the server, usually said the load is very similar to this thing, this is the reverse proxy.

In order to let him understand I said, in fact, the agent itself is not the pros and cons. Agent is you ask a computer to help you do things. Then, then it was tragic. He asked: "Then why do these two things come up?" How did he get out of here?

I:...

So google!

simply say from a LAN out to the server is positive, from the client to enter a LAN for the reverse.

Concept :

The reverse proxy method refers to a proxy server that accepts connection requests on the Internet, then forwards the request to a server on the internal network and returns the results from the server to the client requesting the connection on the Internet, Reverse. At this point the proxy server is represented as a server externally.

Overview:

The usual proxy server, which is used only to proxy connection requests to the Internet by the internal network, must specify a proxy server and send HTTP requests that would otherwise be sent directly to the Web server to the proxy server. Because the host on the external network does not configure and use this proxy server, the normal proxy server is also designed to search the internet for multiple, uncertain servers instead of accessing a fixed server for requests from multiple clients on the Internet. Therefore, the normal Web proxy server does not support external access requests to the internal network. When a proxy server is able to proxy hosts on an external network, this proxy service is called a reverse proxy service when it accesses the internal network. At this point the proxy server is represented as a Web server, and the external network can simply treat it as a standard Web server without the need for a specific configuration. The difference is that the server does not save the real data of any Web page, all static Web pages or CGI programs are stored on the internal Web server. Therefore, the attack on the reverse proxy server does not cause the Web page information to be destroyed, which enhances the security of the Web server.

There is no conflict between the reverse proxy mode and the packet filtering method or the normal proxy mode, so both methods can be used in the firewall device, where the reverse proxy is used for external network access to the internal network, and the forward proxy or packet filtering method is used to deny other external access and provide internal network access to the external network. This way, you can combine these approaches to provide the best secure access.

Why is it called reverse:

But that doesn't explain why he's called reverse, in principle. The proxy server handles the request from the client and forwards it to the destination server, so the proxy server does not have any reverse meaning, and the following diagram shows why the reverse proxy is called reverse.

By the way, from the structural point of view, the right side of the proxy and reverse proxy for a bit, the original proxy Server client from the intranet. It and the proxy server form a LAN, and the reverse proxy. The proxy server and the server are made up of a group. So from the perspective of structure, it is reverse, from the English point of view, The word reverse contains the meaning of flipping, meaning that it refers to this reversal on the structure chart, but because of the relationship of translation. To the Chinese into a reverse proxy. In fact, the proxy did not do anything different from before. It still forwards the request from the client to the actual end. Today, due to the large use of CDN, the server behind the reverse proxy in order to adapt to this cross-network architecture, and all use the actual IP address. It is often more difficult to make a clear answer to the question "What is the inverse of reverse proxy in this noun?"

What is a forward proxy? What is a reverse proxy?