Is the AWS application load balancer a reverse proxy?
AWS provides a lot of products related to application and network load balancing.
I was wondering if the product called Application Load Balancer has functionality similar to a reverse proxy? That is, I need a reverse proxy that would receive requests on behalf of an endpoint running inside the VPC and route them somewhere within the VPC. In this case I would have the VPC endpoint running inside of the Application Load Balancer, but all the traffic would be routed back to the VPC. I do not need any authentication or authorization in this particular case; it does not change the security model at all.
The way I see it, it's simply another load balancer that is not based on routing/protocol selection or HTTP cookies; it just receives traffic and routes it back into the backend. I would like to have an authoritative answer from someone who has a lot of experience in using this kind of load balancer and understands how it works from both server and networking points of view. I would be grateful if I could get an answer from someone who uses application load balancers and understands the internals of the product.
Yes, this exact functionality exists. You do not want to use the ALB for authentication/authorization because the authentication and authorization logic is done in your backend service, which is not present in the ALB.
Let me explain what you'd see with such an architecture: ALB is your entry-point into AWS and you can use your VPC as a DMZ. From the client-facing IP address, traffic goes to the ALB and it passes through the VPC gateway to your endpoints. As for your questions:
If you have authentication/authorization on the backend or an API, ALB cannot pass this through to the backend (unless you route the traffic to this endpoint yourself). ALB uses TCP only. This means that with a firewall in front of ALB all other protocols are dropped before they reach ALB.
Is HAProxy a reverse proxy or load balancer?
I'm asking the question on purpose (for learning purposes). I know it can act as either of the two depending on its configuration.
Now the question is, where (on the level of functionality) is HAProxy being an entry-level load balancer? Because I was told that it has one of the features of a load balancer (routing rules) and therefore it doesn't belong to the "entry-level" category. I'm confused though. Could you please help me find what I'm searching for?
Both. HAProxy is a multi-tier software solution. It can do load balancing, reverse proxying, proxying, rate limiting, SSL termination, and more, depending on the settings that you provide.
Is AWS WAF a reverse proxy?
Does AWS WAF replace your reverse proxy or is it a new use case?
AWS WAF can be deployed at the edge of your network in order to block requests from unapproved endpoints, improve application performance, and improve the security posture of your web application. It does this by implementing a rule set that intercepts HTTP traffic and inspects the contents of the request. If the rule set identifies an attack, the request is blocked. In addition to blocking requests from unapproved endpoints, AWS WAF also inspects the contents of the request to identify threats and improves application performance by only processing valid traffic.
In this post, we'll look at the two scenarios that AWS WAF can be used for:
Scenario 1: Edge-of-network protection.
Scenario 2: Improving application performance.
Let's start with Scenario 1: Edge-of-network protection.
How does WAF work at the edge of your network?
Edge-of-network protection is about blocking requests from unapproved endpoints. This is where you protect your application and infrastructure from outside attacks. When you deploy AWS WAF at the edge of your network, you are saying that you want your web application to be protected from threats in your application, which is not a very new scenario.
What is different with edge-of-network protection is that you want to protect the application from unapproved endpoints. For example, if you are using a reverse proxy or load balancer to distribute traffic across your application, you want to make sure that the traffic doesn't reach your application. The way to do this is to block traffic that isn't coming from the correct source address and port. You can achieve this by implementing a rule set that detects and blocks requests from unknown IP addresses or hostnames.
If you have a load balancer in front of your application, the load balancer will be responsible for detecting unknown endpoints. It will forward traffic to your application if the endpoint is known.
So, does AWS WAF replace your reverse proxy? No, AWS WAF does not replace your reverse proxy. It complements it.
When you deploy AWS WAF at the edge of your network, the load balancer or reverse proxy is still required.
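The source-address check described above, evaluated with a load balancer or reverse proxy in front, sketched as an added example (not code from the original page and not AWS WAF's implementation). The networks are constructed documentation ranges and the function names are hypothetical; it assumes each trusted proxy appends the address it saw to X-Forwarded-For.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the page.
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "2001:db8:10::/48")]
# Assumed address range of our own load balancers / reverse proxies.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/16",)]


def _in_any(addr, networks):
    """True if addr falls inside any network of the same IP version."""
    return any(addr.version == n.version and addr in n for n in networks)


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address the allowlist must be evaluated against.

    Returns None when the forwarded chain cannot be parsed.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES) or not x_forwarded_for:
        # Direct connection (or no header): X-Forwarded-For is
        # client-controlled here, so only the TCP peer address counts.
        return peer
    # Walk the chain right to left: the first hop that is not one of our
    # proxies is the client as observed by our own infrastructure.
    # Entries further left were supplied by the client and are ignored.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer  # chain contained only our own proxies


def decide(peer_ip, x_forwarded_for=None):
    """Allowlist decision: ALLOW only for known source addresses."""
    client = effective_client_ip(peer_ip, x_forwarded_for)
    if client is not None and _in_any(client, ALLOWED_SOURCES):
        return "ALLOW"
    return "BLOCK"
```

The case to watch is a request that arrives through the proxy with a forged leading X-Forwarded-For entry: only the rightmost non-proxy hop is evaluated, so the forged value has no effect.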