Concept:
In Reverse Proxy mode, a Proxy server receives Internet connection requests, forwards the requests to the Intranet server, and returns the results to the Internet client. In this case, the Proxy server acts as a server externally.
Summary:
Typically, a proxy server is used only for internal network requests to connect to the Internet. Clients must specify a proxy server and send HTTP requests to the proxy server that are intended to be sent directly to the Web server. Since hosts on the external network do not configure and use this proxy server, ordinary proxy servers are also designed to search the Internet for multiple uncertain servers, rather than accessing a fixed server for requests from multiple clients on the Internet. Therefore, a common Web proxy server does not support external access requests to the internal network.
When a proxy server can proxy hosts on the external network to access the internal network, this proxy service is called reverse proxy service. In this case, the proxy server acts as a Web server, and the external network can simply treat it as a standard Web server without any specific configuration. The difference is that this server does not store any real data of the Web page, all static Web pages, or CGI programs, are stored on the internal Web server. Therefore, the attack on the reverse proxy server does not damage the Web page information, which enhances the security of the Web server. Reverse proxy mode and the way of packet filter or general agent mode, there is no conflict, thus can be used in a firewall equipment at the same time this two kinds of ways, including the reverse proxy for the use of external network access to the internal network, forward agent or packet filter mode to reject other external access mode and provide internal external network access. Therefore, you can combine these methods to provide the best secure access.
Why it is called reverse:
But that doesn’t explain why he’s called reverse, in principle. A proxy server handles requests from the client and forwards them to the destination server, so the proxy server does not work in reverse. The following diagram illustrates why a reverse proxy is called a reverse pair
In terms of structure, the left and right sides of the forward proxy and reverse proxy are changed. The clients of the original proxy server are from the Intranet. It forms a LAN with the proxy server, and after the reverse proxy. Proxy servers and servers form a group. So from the perspective of structure, it’s reverse. From the perspective of English, the word reverse contains the meaning of reverse, which means this kind of reversal on the structure diagram, but due to translation. In Chinese, it becomes a reverse proxy.
In fact, proxy does not do anything different than before. It still forwards the request from the client to the real end. But today, due to the extensive use of CDN, the servers behind the reverse proxy adopt the real IP address in order to adapt to this cross-network architecture. This often makes it harder to come up with a clear answer to the question of what reverse means in the term reverse proxy.