Reverse Proxy
Definition
A server that sits in front of web servers, forwarding requests to them while providing load balancing, security, and improved performance.
Use Cases
- Netflix: Front-door traffic management for microservices, including routing, TLS termination, and resilience features at the edge of services. — Netflix open-sourced Zuul, a gateway service that acts as an edge reverse proxy for internal services. It is used to route requests to appropriate backend services and apply cross-cutting concerns like filtering and security controls. (Improved operational control over service-to-service traffic, enabling consistent routing and policy enforcement as the system scaled.)
- Cloudflare: Reverse proxy in front of customer websites to provide DDoS protection, TLS termination, caching, and WAF capabilities. — Cloudflare operates a global reverse-proxy network. Customer DNS is pointed to Cloudflare, which then proxies HTTP/HTTPS requests to the customer origin servers while applying security and performance features. (Reduced origin exposure and improved availability and performance for proxied sites by absorbing attacks and serving content from edge locations when possible.)
- GitHub: Securely fronting web applications and APIs with TLS termination and traffic routing to internal services. — GitHub has publicly discussed using HAProxy in parts of its infrastructure as a reverse proxy/load balancer to distribute traffic across backend servers and manage connection handling. (Better reliability and controlled traffic distribution across backend fleets, supporting high-traffic web and API workloads.)
Provider Equivalents
- AWS: Elastic Load Balancing (Application Load Balancer)
- Azure: Azure Application Gateway
- GCP: Cloud Load Balancing (Application Load Balancer)
- OCI: OCI Load Balancer
Frequently Asked Questions
- What's the difference between a reverse proxy and a forward proxy?
- A reverse proxy sits in front of servers and represents the servers to clients (clients think they are talking to the website). A forward proxy sits in front of clients and represents the clients to servers (servers see the proxy as the client). Reverse proxies are used to protect and scale web apps; forward proxies are often used for outbound control, filtering, or privacy for users.
- When should I use a reverse proxy?
- Use a reverse proxy when you need one or more of these: (1) load balancing across multiple app servers, (2) TLS termination and certificate management in one place, (3) a Web Application Firewall (WAF) or request filtering, (4) path/host-based routing (for example, /api to one service and /app to another), (5) hiding private backend IPs and reducing direct exposure of origin servers, or (6) centralized logging, rate limiting, and authentication integration.
- How much does a reverse proxy cost?
- Cost depends on whether it is self-managed or managed. For a self-managed reverse proxy (for example, Nginx/HAProxy), the cost is typically the compute resources (VMs/containers), bandwidth, and operations time. Managed reverse proxies (for example, AWS ALB, Azure Application Gateway, GCP Cloud Load Balancing, OCI Load Balancer) usually charge based on hours/provisioned capacity plus data processed and optional features like WAF. The biggest cost drivers are traffic volume, number of listeners/rules, TLS handshakes, and whether you run multiple instances for high availability.
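The path-based routing and origin-hiding uses listed under "When should I use a reverse proxy?" come down to two decisions the proxy makes per request: which backend a path belongs to, and which client-supplied headers it refuses to pass through. The sketch below is an added example, not code from any product named on this page; the routing table, the backend addresses, the `/api/v2` route and the function names are constructed for illustration, and it assumes TLS terminates at the proxy.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed routing table: path prefix -> private backend (hypothetical addresses).
ROUTES = {
    "/api": "http://10.0.1.10:8080",
    "/api/v2": "http://10.0.1.20:8080",
    "/app": "http://10.0.2.10:8080",
}

# Client-supplied headers that claim an origin; the edge proxy drops and re-sets them.
SPOOFABLE = {"x-forwarded-for", "x-forwarded-proto", "x-forwarded-host",
             "x-real-ip", "forwarded"}


def pick_backend(clean_path):
    """Longest prefix wins; a prefix only matches on a path-segment boundary."""
    matches = [p for p in ROUTES
               if clean_path == p or clean_path.startswith(p + "/")]
    return ROUTES[max(matches, key=len)] if matches else None


def build_upstream_request(target, client_ip, headers):
    """Return (upstream_url, headers) for a request target, or None if unrouted."""
    parts = urlsplit(target)
    # Collapse dot segments first so routing and the forwarded path agree.
    clean = posixpath.normpath(parts.path or "/")
    backend = pick_backend(clean)
    if backend is None:
        return None  # the proxy answers 404 itself; no backend is contacted
    fwd = {k: v for k, v in headers.items() if k.lower() not in SPOOFABLE}
    fwd["X-Forwarded-For"] = client_ip   # address of the TCP peer, not a header
    fwd["X-Forwarded-Proto"] = "https"   # assumption: TLS terminates at the proxy
    query = "?" + parts.query if parts.query else ""
    return backend + clean + query, fwd


if __name__ == "__main__":
    print(build_upstream_request(
        "/app/../api/users?id=1", "203.0.113.7",
        {"Host": "example.com", "X-Forwarded-For": "127.0.0.1"}))
```

Backends should accept connections only from the proxy; otherwise a client that reaches them directly can set the forwarded headers itself.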
Category: networking
Difficulty: advanced