Is nginx a reverse proxy?
What exactly does nginx do?
Does it just forward requests? I can see the documentation is quite confusing and doesn't seem to say what it does. It's unclear how it differs from a reverse proxy.
A reverse proxy is an application which sits in front of a web server. The reverse proxy provides various services to the web server, such as load balancing, caching, and proxying (in fact, in terms of functionality, it is the same as a forward proxy).
In the case of nginx, there are several functions which can be utilized by it, such as caching, load balancing, proxying and many more. For example, consider a website hosted in another location. All visitors will reach this site using the address: www.com. Now, if you want to host the same site on another location and make visitors use a different address, for example: www.example2.com, then you need a reverse proxy which acts as a gateway for both your sites and handles traffic accordingly.
Short answer: yes, nginx is a reverse proxy. Long answer: nginx is not a "reverse" proxy; it is an HTTP proxy. It does not know the semantics of HTTP, but it translates HTTP requests to and from the backend server according to certain rules.
To explain the concept a little bit more, a "reverse" proxy (which seems to be the most common name for a "forward" proxy) translates HTTP requests from the client to the backend server. For instance, if the backend server supports "caching", the proxy could cache the responses from the backend for later use. This is similar to the way a DNS resolver works: It receives a request from the client, and forwards it to the correct host name or IP address, depending on the mapping for the target host name or IP address.
Nginx does not have any kind of mapping between clients and backends, it merely translates HTTP requests between clients and backends. In the case of nginx, the request could be HTTP, HTTPS, FastCGI or some other protocol.
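The functions listed in this section (proxying, load balancing, caching, and one proxy fronting two site names) written out as an nginx configuration. This is an added example, not from the original page; the backend addresses, cache path and zone name are assumptions, and www.example1.com is a placeholder for the first site.

```nginx
# Added example: goes inside the http { } context of nginx.conf.
# Backend addresses, cache path and zone name are assumptions.

proxy_cache_path /var/cache/nginx/site levels=1:2 keys_zone=site_cache:10m
                 max_size=1g inactive=60m;

# Load balancing: requests are spread round-robin across both backends.
upstream site_backends {
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
}

server {
    listen 80;
    # One proxy answers for both names; www.example1.com is a placeholder.
    server_name www.example1.com www.example2.com;

    location / {
        proxy_pass http://site_backends;

        # Pass the original host and client address to the backend,
        # which otherwise only sees the proxy's own address.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Caching: serve repeat requests from the proxy for 10 minutes.
        # Responses that carry Set-Cookie are not cached by default.
        proxy_cache           site_cache;
        proxy_cache_valid     200 301 10m;
        proxy_cache_use_stale error timeout updating;
    }
}
```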
Is a VPN a reverse proxy?
The terms "reverse proxy" and "VPN" can cause some confusion, as they are used in different ways.
We take a look at them here.
What's the difference between a VPN and a reverse proxy? A reverse proxy server is a tool for translating a request that you send to it, to some web service located elsewhere. Typically the translation will involve a change in the request or its path.
A VPN server, on the other hand, provides an encrypted (sometimes encrypted over TLS) connection between the VPN client and some other host. This host can be the Internet (on a public Internet connection) or another device. Most VPN clients terminate the VPN session when done, and connect directly to the other host (see the diagram below). But if the client connects first and establishes a tunnel, it could be described as a "reverse" proxy. Some other VPN clients terminate the VPN session and have no direct connection to the remote host. Others have both. This article is about the latter.
When most people hear "VPN" they think about a tool like VyprVPN that's designed to connect you to a remote server which has a public IP address and the ability to act as a web proxy. This article covers that kind of service and the pros and cons of that model.
Some organizations have other web proxies they use to route traffic through their organization. For example, many big companies and government agencies have a web proxy known as "The Great Firewall of China".
Most people reading this article will have a private home network, and most VPN tools have to run on home computers or other client devices. These tend to have their own proxy servers in their network (usually called a "local" proxy), which provide connections to the outside internet.
Some VPN clients can also act as a reverse proxy server. These VPN tools act more like a traditional Internet proxy because they do route your connections through the VPN server when your connections go out, and come back from the "remote" server when going into the VPN server.
There's a lot of debate about the use of these different methods, and there are a number of factors to take into account.
How do VPNs work?
What are some cases of reverse proxy?
I really don't have much experience with reverse proxies.
A colleague of mine uses one to expose internal web servers. What are some other use cases for this kind of setup?
It is not a very common architecture. A reverse proxy acts as an "inbound firewall" for your application(s). In theory, a reverse proxy could forward to any number of servers within the organization.
This configuration is a good security measure for web applications which may have vulnerabilities in the application code. Since the web server is not able to directly interact with the application but needs to hit the reverse proxy before being granted access, an attack vector such as cross-site scripting (XSS) is not possible. It can only be carried out after getting past the reverse proxy layer which is protected by a firewall.
For example, say you have a PHP-based application deployed on a remote machine. By doing some research, you find that PHP has a security flaw and is vulnerable to XSS. With the knowledge of this vulnerability, you can create a small script on your own machine which can successfully exploit the application with the help of the same security flaw. To perform the same exploit, you would need to go through your local web server, since it is directly exposed to the internet.
But when using the reverse proxy configuration, it simply checks the remote address and determines whether it matches the allowed domains. If it matches, it allows the request to continue; otherwise it refuses the request. Therefore, by configuring the reverse proxy properly, it mitigates the security flaw in the application and all the attacks that are able to exploit such a flaw.
There is a huge list of security risks which may cause XSS attacks. But if you have a proper reverse proxy in place, it will filter out most of the possible attack vectors.
There's the concept of a load balancer, which is a very general term (so it includes reverse proxies). Load balancers are used to distribute web traffic evenly across several backend servers. This is good if you need to scale horizontally without incurring downtime. Here's an example: Reverse proxies do not handle scaling or traffic distribution, they're used to forward traffic to one set of servers from another set of servers.
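The check described in this section (compare the remote address and the requested name against an allow list, refuse everything else) written as nginx configuration. This is an added example, not from the original page; the host name, address ranges and backend port are assumptions.

```nginx
# Added example: goes inside the http { } context of nginx.conf.
# Host name, address ranges and backend port are assumptions.

# Catch-all: a request whose Host header matches no configured name
# lands here, and nginx closes the connection without a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name app.example.internal;

    location / {
        # Remote-address check: rules are tried in order, first match wins.
        allow 10.0.0.0/8;        # assumed internal range
        allow 203.0.113.0/24;    # assumed partner range (documentation block)
        deny  all;               # every other client receives 403

        # Backend listens on loopback only, so it is reachable
        # solely through this proxy.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# These rules decide which clients and host names reach the backend;
# they do not inspect request parameters or bodies.
```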
What is an example of a proxy server?
If a web browser is connected to a proxy server, then the web browser makes requests through the proxy server instead of connecting directly to the destination server.
The web browser and proxy server form a tunnel to the destination server.
Proxy servers are commonly used by organizations that want to control what their employees can access on the Internet. Proxy servers are often used to filter out certain web sites, block access to certain types of content (e.g., pornography), or hide the identity of users.
The web browser connects to the proxy server and asks for a web page, such as www.google. The proxy server then forwards the request to the destination server www. In this way, the web browser appears to connect directly to the destination server, but the proxy server actually connects and sends the request to the destination server.
A proxy is a piece of software that acts as an intermediary between a client and a server. The proxy will make a request to a server, which in turn will reply to the proxy. The proxy then relays the reply to the client. In this way, the proxy can determine whether or not a user is allowed to access the server or what type of response the server is giving. The client's browser will make the requests, but the proxy will be able to intercept them. Proxy servers have many different purposes.