In computer networks, a reverse proxy (or surrogate server) is a proxy server that appears to any client (such as a browser) to be an ordinary web server, but in reality merely acts as an intermediary that forwards the client's requests to one or more ordinary web servers.[1][2] Reverse proxies help increase scalability, performance, resilience, and security, but they also carry a number of risks.
Companies that run web servers often set up reverse proxies to facilitate the communication between an Internet user's browser and the web servers. An important advantage of doing so is that the web servers can be hidden behind a firewall on a company-internal network, and only the reverse proxy needs to be directly exposed to the Internet.
Reverse proxies should not be confused with forward proxies, which are used when it is the client who is restricted to a private, internal network; in this case, the client can ask a forward proxy to retrieve resources from the public Internet on behalf of the client.
Reverse proxy servers are implemented in popular open-source web servers, such as Apache, Nginx, and Caddy, which makes them a hybrid between a reverse proxy server and a web server. Dedicated reverse proxy servers, such as the open source software HAProxy and Squid, are used by some of the biggest websites on the Internet.
Large websites and content delivery networks use reverse proxies, together with other techniques, to balance the load between internal servers. Reverse proxies can keep a cache of static content, which further reduces the load on these internal servers and the internal network. It is also common for reverse proxies to add features such as compression or TLS encryption to the communication channel between the client and the reverse proxy.[3]
{{cite journal}}
: CS1 maint: url-status (link)