We must know what a proxy is to design cloud systems and pass in the systems design interview. Proxy is powerful and useful to create an intermediary between the client and server.
Let’s see what types of proxies we have, how they can be helpful, and the technologies we can use.
Forward Proxy
The forward proxy is an intermediary server between the client and the server. We will usually use a forward proxy to hide the IP for the client. Also, remember that a forward proxy will serve the client, not the server.
Let’s see in more detail how a forward proxy works:
Client Request: A client sends a request to access a resource, such as a website, to the forward proxy server.
Forward Proxy Reception: The forward proxy server receives the client’s request.
Target Server Connection: The forward proxy server establishes a connection with the target server on behalf of the client.
Forwarding the Request: The forward proxy server forwards the client’s request to the target server.
Target Server Response: The target server processes the request and generates a response.
Forward Proxy Response: The forward proxy server receives the response from the target server.
Response Delivery to Client: The forward proxy server sends the response back to the client that originally made the request. By using a forward proxy, clients direct their requests to the proxy server instead of directly communicating with external servers. This provides several benefits:
Privacy and Anonymity: The forward proxy server masks the client’s IP address, enhancing privacy and providing a level of anonymity.
Content Filtering: The forward proxy server can be configured to filter and control access to specific websites or types of content based on predefined rules or policies.
Caching: The forward proxy server can cache frequently requested resources, reducing bandwidth usage and improving response times for subsequent requests.
Bandwidth Control: The forward proxy server can apply bandwidth control measures, limiting the data clients can receive or send.
Security: The forward proxy server can act as a firewall, inspecting incoming and outgoing traffic and providing an additional layer of security by blocking malicious or unauthorized requests.
Forward proxies are commonly used in corporate networks, educational institutions, and organizations to control internet access, enforce security policies, and optimize network usage. They allow clients to access external resources indirectly through the proxy server, providing various functionalities and controls in the process.
Reverse Proxy
A reverse proxy is a server or software application that acts as an intermediary between clients and servers, accepting client requests and forwarding them to the appropriate backend servers. It operates on behalf of the server, meaning that the client is usually unaware of a reverse proxy.
Here’s how a reverse proxy works:
Client Request: A client sends a request to access a resource, such as a web page, to the reverse proxy server.
Reverse Proxy Reception: The reverse proxy server receives the client’s request.
Backend Server Selection: The reverse proxy determines which backend server or servers should handle the request. This selection can be based on various factors such as load-balancing algorithms, server availability, or specific routing rules.
Forwarding the Request: The reverse proxy forwards the client’s request to the selected backend server, acting as an intermediary.
Backend Server Response: The backend server processes the request and generates a response.
Reverse Proxy Response: The reverse proxy server receives the response from the backend server.
Response Delivery to Client: The reverse proxy sends the response back to the client that originally made the request. Using a reverse proxy, clients interact with the proxy server instead of directly communicating with the backend servers. This offers several benefits:
Load Balancing: The reverse proxy can distribute incoming requests across multiple backend servers, balancing the load and optimizing resource utilization.
Caching: The reverse proxy can cache frequently requested resources, reducing the load on backend servers and improving response times for subsequent requests.
Security: The reverse proxy can act as a security barrier, providing an additional layer of protection by filtering and inspecting incoming traffic before forwarding it to backend servers.
SSL Termination: The reverse proxy can handle SSL encryption and decryption, offloading the resource-intensive task from backend servers.
Content Delivery: The reverse proxy can serve static content directly, relieving backend servers from handling such requests and improving overall performance.
Reverse proxies are commonly used in web applications, content delivery networks (CDNs), and server farms to enhance performance, scalability, and security. They enable efficient resource allocation, improve response times, and provide additional layers of protection for backend servers.
Forward Proxy VS Reverse Proxy
The main difference between a forward proxy and a reverse proxy lies in the direction of the communication flow and the parties involved. Here are the key distinctions:
Forward Proxy:
Communication Flow: In a forward proxy setup, the client directs its requests to the proxy server, and the proxy server forwards those requests to the servers on behalf of the client.
Client Perspective: The client is aware of the forward proxy’s existence and explicitly configures its network settings to use the proxy server.
Anonymity and Privacy: Forward proxies can provide privacy and anonymity to clients by masking their IP addresses from external servers.
Content Filtering: Forward proxies can be configured to filter and control access to specific websites or types of content based on predefined rules or policies.
Caching: Forward proxies can cache frequently requested resources, reducing bandwidth usage and improving response times for subsequent requests.
Example Use Case: A corporate network might use a forward proxy to control internet access, monitor and filter employee web activity, and provide caching for improved performance.
Reverse Proxy:
Communication Flow: In a reverse proxy setup, the client sends requests to a reverse proxy server, which then forwards those requests to the appropriate backend servers handling the requested resources.
Client Perspective: The client is generally unaware of the reverse proxy’s existence and communicates with the reverse proxy as if it were the intended server.
Load Balancing: Reverse proxies often distribute incoming requests across multiple backend servers to balance the load and optimize resource utilization.
SSL Termination: Reverse proxies can handle SSL encryption and decryption, offloading the resource-intensive task from backend servers.
Security: Reverse proxies act as a security barrier, filtering and inspecting incoming traffic before forwarding it to backend servers to protect against malicious requests.
Example Use Case: A website or application with multiple servers might use a reverse proxy to distribute traffic (load-balancing), improve scalability, provide SSL termination, and enhance security.
In summary, a forward proxy primarily acts on behalf of clients, facilitating their requests to external servers. In contrast, a reverse proxy primarily acts on behalf of backend servers, receiving requests from clients and forwarding them to the appropriate servers.
Proxy Technologies
Now that we understand the fundamental differences between a forward proxy and reverse proxy let’s see the top technologies used in the market:
Nginx: Nginx, primarily known as a web server, can also function as a forward proxy. It is lightweight, scalable, and efficient. Nginx supports HTTP, HTTPS, and other protocols, and it can be configured for caching and load balancing.
Squid: Squid is a widely used open-source caching proxy server that supports HTTP, HTTPS, FTP, and other protocols. It offers caching, content filtering, access control, and authentication features.
Apache HTTP Server: Apache HTTP Server has a built-in proxy module that allows it to act as a forward proxy. It supports HTTP, HTTPS, FTP, and more. Apache offers features like caching, load balancing, and authentication. Apache HTTP Server can also be configured to function as a reverse proxy using its mod_proxy module. It can distribute incoming requests, perform load balancing, and provide SSL/TLS termination.
HAProxy: HAProxy is a high-performance TCP/HTTP load balancer and proxy server. While commonly used as a reverse proxy, it can also function as a forward proxy. HAProxy supports HTTP, HTTPS, and TCP protocols, and it excels in handling high loads and providing advanced load-balancing features.
Envoy Proxy: Envoy is a modern, cloud-native proxy that offers advanced features such as dynamic service discovery, load balancing, circuit breaking, and observability. It is designed for managing microservices architectures and containerized environments.
Conclusion
When designing cloud systems, we will use a Proxy all the time. We will usually use a forward proxy to mask the IP from the client. Also, the forward proxy will act on behalf of the client.
In most of the Microservices, we will use a reverse proxy. A reverse proxy focuses on the server side. The most common use cases for a reverse proxy are load balancer, circuit breaker, dynamic service discovery, and observability.
Forward Proxy:
- Client directs requests to the proxy server.
- Proxy server forwards requests to external servers.
- Clients know the forward proxy and configure network settings accordingly.
- Provides privacy and anonymity by masking client IP addresses.
- Can filter and control access to specific content.
- Supports caching to improve performance.
- Commonly used for controlling internet access in corporate networks.
Reverse Proxy:
- Client sends requests to the reverse proxy server.
- Reverse proxy server forwards requests to backend servers.
- Clients are generally unaware of the reverse proxy’s existence.
- Handles load balancing by distributing requests to multiple backend servers.
- Performs SSL termination, offloading encryption/decryption from backend servers.
- Acts as a security barrier by filtering and inspecting incoming traffic.
- Used to improve scalability, enhance security, and optimize resource utilization.
