What Is a Reverse Proxy?

A reverse proxy is used to provide load balancing services and, increasingly, to enforce web application security at strategic insertion points in a network through web application firewalls, application delivery firewalls, and deep content inspection.

In networking and web traffic, a proxy is a device or server that acts on behalf of other devices. It sits between two entities and performs a service. Proxies are hardware or software solutions that sit between the client and the server in order to manage requests and sometimes responses.

Typically, a reverse proxy server sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. The requested resources are then returned to the client, appearing as if they originated from the proxy server itself. This provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers. A reverse proxy also provides the ability to direct requests based on a wide variety of parameters such as user device, location, network conditions, application health and even the time of day.

A reverse proxy is used to provide load balancing services to deliver smoother web experiences and, increasingly, to enforce web application security at strategic insertion points in a network through web application firewalls, application delivery firewalls, and deep content inspection.

When combined with cloud deployments, a reverse proxy can enable cloud bursting and split-application architectures that offer the economic benefits of cloud without compromising control or security.

While the most common use of a reverse proxy is to provide load balancing for web applications and APIs; reverse proxies also are  deployed to offload services from applications to improve performance through SSL acceleration, intelligent compression and caching. Reverse proxies also enable federated security services for multiple applications by enforcing web application security.

A reverse proxy may act either as a simple forwarding service or actively participate in the exchange between client and server. When the proxy treats the client and server as separate entities by implementing dual network stacks, it is called a full proxy.

A full proxy creates a TCP client connection along with a separate TCP server connection with a little gap in the middle. The client connects to the proxy on one end and the proxy establishes a separate, independent connection to the server. This is bi-directional on both sides. There is never any blending of connections from the client side to the server side since the connections are independent.

The function of a reverse proxy can be performed by a device, software, or service depending on the complexity of the environment and needs of the organization.

Ideal for cloud-native environments, NGINX Plus is a software-based reverse proxy that performs load balancing, Layer 7 routing and web performance optimization, similar to a hardware device. NGINX Plus can be deployed in the public cloud as well as in private data centers at a lower cost than a full proxy.

For more complex and hybrid environments, the F5 BIG-IP system is a full proxy that can be deployed as a full reverse proxy server capable of intercepting, inspecting, and interacting with requests and responses. This includes the basic functions of load balancing and web performance optimization, as well as more advanced traffic management services such as application layer security, web acceleration, page routing and secure remote access.