Proxies have a wide variety of use cases with great benefits. In this article, I go over two variations of proxies.
Forward Proxy
One day, in a school classroom setting, a teacher wants an anonymous survey filled out by all of the students in the classroom. The students want to make sure that their surveys are untraceable - the teacher happens to remember the handwriting of all of the students. Therefore, the students elect a class leader to re-write all of their surveys in an untraceable way (basically just re-writing all of the surveys in the class leader's handwriting.) Let's call this class leader - Cool Dude. The teacher also doesn't want to collect the surveys since her folders are full.
The grey box indicates that the entities are hidden from the server
As you can see in the diagram above:
- The students (client) write their survey and passes them to the Cool Dude (proxy)
- The Cool Dude re-writes them so that they are untraceable, and passes them to the teacher (server)
- The teacher records them, and passes them back to the Cool Dude
- The Cool Dude passes them back to the students.
The important takeaway here is that the teacher doesn't know anything about what the students did, because the Cool Dude masked all of their work. Essentially, the Cool Dude represents a forward proxy, which effectively hides the client(s) so that the server isn't aware of their existence. In the eyes of the server, the only entity that it knows and talks to is the forward proxy; the forward proxy acts as the client in its relationship with the server.
Use cases
- VPN
- Many networks talk to a VPN so that they can hide their source IP in their network requests. This allows networks to access geo-restricted websites, among other things. It also makes your requests harder to trace (theoretically)
- Cache Server
- If many different clients are fetching the same resources over and over, we can instead place a forward proxy in front of them that can fetch these resources for them and load them from cache when they are requested again.
Reverse Proxy
The reverse proxy works similarly to the forward proxy. There is an intermediary entity between the client and server, just like with a forward proxy.
In a reverse proxy architecture however, the hidden entities are reversed. In other words, the clients are not aware if they are talking to a proxy or the server.
The story continues...
The teacher, unpleased with the survey results and unable to determine who filled them out, lashed out in frustration. The teacher decides to convert a student within the classroom into a spy. Let's call this person, Uncool Dude. Uncool Dude will blend in with the rest of the students and try to draw out complaints about the teachers from the students. The students have no idea that the Uncool Dude is secretly reporting all of these complaints to the teacher.
The grey box indicates that the entities are hidden from the client
The scenario above loosely represents a reverse proxy.
- The students (client) vent out their frustrations to the Uncool Dude (reverse proxy)
- The Uncool Dude reports them to the teacher - the students don't know!
- The teacher finds out and pats the Uncool Dude on the head as a form of gratitude.
- The Uncool Dude acknowledges the frustrations of the students so that his cover is not blown.
The clients treat the reverse proxy as if it was the actual server. The reverse proxy can be doing many things however that the clients are unaware of. Another way to visualize this is that the reverse proxy is an intermediary for the back-end.
Use cases
- Load Balancer
- A load balancer basically routes requests to a myriad of servers to reduce the burden of overloading one particular server. A load balancer is a great example of a reverse proxy since front-end clients are completely unaware of what the load balancer is doing (nor does it need to know).
- nginx is perhaps one of the most popular HTTP reverse proxy load balancers.