A proxy server is a server application that sits between the client (end-user devices) and the intended destination server. It can physically reside anywhere ranging from a home computer to a cloud server. Proxy servers act as mediators and exchange information with the desired destination server on behalf of the clients.
Proxies can be of different types. Depending on the type, it can be used to hide the true origin of the client requests from the intended destination server.
Types of Proxies
Proxis can be broadly classified into 2 categories.
- Forward Proxy
- Reverse Proxy
A forward proxy is usually an internet-facing proxy server responsible for interaction with the destination server on behalf of the client. This type of proxy is used to retrieve resources from the destination server on behalf of the client.
When people talk about proxy servers, they are usually referring to forward proxy.
Forward Proxy again can be broadly sub-categorized into 2 types.
It is used to hide the originator (client) IP details from the destination server. This type of proxy is commonly used to get around IP targeting activities. The name should not be confused with Internet anonymity as no proxy can be truly anonymous by design.
It’s the simplest kind of proxy that identifies itself as a proxy to the destination server. These are commonly used in schools, colleges, and companies to filter web traffic going out (to the internet) from the internal network.
Primary use cases of a Forward Proxy:
- Bypass Internet Censorship.
- Access Geo-Restricted Content.
- Avoid IP targeting.
- Control & Restrict web activity (for organizations).
These proxy servers act as a facade to the origin server, ensuring no client communication happens directly with the origin server.
Few Primary use cases of a Reverse Proxy:
- Caching: Reverse Proxy can be used to cache site content which can reduce the load on the origin server.
- Load balancing: Reverse proxy can be used to distribute the load from incoming traffic to a pool of servers to reduce the load on a single server.
- Hides origin server details: Multiple web servers can be made accessible via single public reverse proxy server IP, with other web servers listening behind the reverse proxy server on different local IP addresses and ports.
- SSL Encryption: SSL encryption / decryption can be computationally expensive for the origin server. This task can be offloaded to a Reverse proxy server equipped with TLS acceleration hardware, reducing the load on an origin server.
Difference b/w Forward and Reverse Proxy
The difference between a forward and a reverse proxy is subtle but very important. A simplified way to sum it up would be to say forward proxy works on behalf of the client whereas the reverse proxy is controlled by the destination server.
How Proxy differs from VPN
VPN and Proxy are fundamentally different with some overlapping use cases. The only thing common is both of them make the client traffic look like it’s coming from a different IP Address. But each of them handles it differently under the hood.
The proxy needs to be configured at the individual application or protocol level (e.g., HTTP/HTTPS, FTP, SOCKS, etc.) on the client side. So, only the configured applications or all applications using the configured protocol can use the proxy server.
On the other hand, a VPN is configured at the system level. No individual application level configuration is required for VPN.
Apart from masking client IP, VPN is also used by organizations to provide secure access to the organization’s internal network resources over the internet. You can read more on the same from our previous article.
A proxy server is more relevant in use cases such as Smart DNS, Reverse Proxy, etc.