Search This Blog

Monday, 15 July 2013

Forward Proxy vs Reverse Proxy

Today we are going to discuss about two well known categories of proxy named as forward proxy and reverse proxy. First of all what is proxy? in computer networking this term proxy is use to represent a node or application which is acting on behalf of client or server, it's neither original source nor original destination instead it's intermediate which is acting on behalf of either client (source) or server (destination). based on it's placement and working it can be categorized as forward proxy and reverse proxy .

Forward Proxy - Such type of proxy generally used on closer side to client or a group of client and and help to hide source identity. for example if i want to allow my LAN to access internet resource but i don't want to reveal their identity to outsiders then forward proxy is helpful to me. in forward proxy implementation case all LAN users are suppose to generate request for internet or external resources with their own identity to server hosted on internet or outside to your network then this packet will be processed by proxy and depending on your configuration proxy will perform filtering and authentication if it's allowed packet then proxy use to forward it destination to server hosted on internet or outside with proxy identity as source. once packet delivered to server response will be generated by server and delivered to proxy as server will assume proxy as his client,  server ( or any other node beyond proxy ) won't get any idea about internal client in LAN and then this response will be forwarded to original client in LAN by proxy.
                                                              we have one more concept of Open Proxy in this category, Open proxy is again a forward proxy which is accessible to any internet users to place web service or any internet service request anonymously any internet user can use open proxy to hide it's own identity, generally it's used by attackers to make tracking difficult (it's not impossible to track but it's difficult) as it use to hide source identity.

Reverse Proxy - Such type of proxy generally used on closer side to server or a group of servers and help to hide server's identity for example if i am having a server or multiple server hosted in my DMZ and i want to allow secure access to these server for internet users or outsiders but i don't want to share my server's details with them then Reverse proxy is helpful to me. in revery proxy implementation case i have to advertise that all my services are hosted on proxy's IP but actually they will hosted on a internal server or may be multiple internal servers, because i am advertising proxy's IP for my services so all external or internet users request will be destination to proxy then proxy will accept those request on behalf of server/servers and depending on your configuration perform filtering and authentication (we may configure different filtering and authentication for different server) if it's allowed packet forward to appropriate server  then server will process this packet and generate response for the same , this response will be forwarded to proxy and then proxy will remove server's identity and forward this packet to client with self identity. this complete process is hidden from client and for all external or internet client proxy will be acting as final server client will assume that all these response are coming from proxy itself he won't get any idea about internal servers hosted in DMZ so for all external and internet users proxy will be acting as server.

I hope i made these Forward and Reverse Proxy understandable to you , if not please let me know your valuable suggestion to make it more clear and understandable. :-)

No comments:

Post a Comment