Friday, June 1, 2007

Reverse Proxy


So what is it all about? Before we move into what is Reverse proxy, we have to look at what proxy is.. I will wait till you brush up with Proxy concepts here. Just kidding. Proxy is that machine which acts as an intermediatary between your pc and the Internet. Put in simple way, Proxy is used as one point of exit for all your network traffic. There are benefits of this. Any rules that you would like to force such as blocking few sites, needs to be done only at proxy location. This way it gives more control on controlling what needs to be controlled. Huh!.

There are few points that make the proxies dear to all..

1. Caching. Lets say this blog has become so popular that 200+ people are reading this 200 times every day from your network. This means lot of network traffic to one site. Now, its very obvious that this blog would change once in a day given, I quit my job and become full time writer. Without the proxy, every request to read my blog would be routed to Internet and thus increasing the network traffic. With proxy in between, it will cache the complete blog on the first hit and the Proxy itself would serve all subsequent requests. This reduces the internet traffic and the amount that your company pays to your ISP.

2. Better Control: Lets say your company would like to block this blog as it sees that people waste a lot of time reading this blog( I agree on time wasted in reading, but about being popular I doubt). Now with proxy in place, we just need to add a line in the configuration of the proxy server and restart it. Voila.. Your fav blog is no longer accessible in your network now.

Now moving to reverse proxy, the simplest way to define it would be to flip the proxy on its feet and its reverse proxy. :-)

Reverse proxy is a special case of a proxy, designed to carry traffic from a less trusted network into a more trusted network. The normal proxy proxies on behalf of a network, but the reverse proxy proxies on behalf of a web server.

So the question is why have this in first place?

1. Security: With reverse proxy in place, there is single point of entry to the web servers (from the reverse proxy). Hence you do not have to open up the web server to Internet, which would reduce the security risk.

2. Caching: The reverse proxy can cache the content from the web server hence reducing the load on the actual web server and serving the content from its cache.

3. Lets say you had to change over the web server to a different machine or to a different host name. Without reverse proxy in between, the names will have to be republished to the outside DNS world. With reverse proxy in place you don’t have to deal with these as the mappings will have to be known just to the reverse proxy and not to the Internet world.

Apart from above there is whole possibility of load balancing that comes into the picture which I would write in detail about in my next coming posts.

Everything comes with some cons as well. So what would be cons about reverse proxy?

1. The single point of entry. While this adds more security, would prove otherwise when the reverse proxy is compromised.

2. The reverse proxy name/IP is all the whole world knows as the façade to your web server. When this goes down without a backup in place, your whole web presence (do I have to mention about your sleep!!) is down the drain.

1 comment:

Bharani Surineni said...

Nice info.I didnt knew this!!