What are reverse proxies? Are they the same as CDNs?
Reverse proxies are server-side proxies, as opposed to regular HTTP proxies, which are client-side. Reverse proxies hide the true identity of the origin server. They receive an HTTP/HTTPS request and forward information between the client and the origin. By acting as a middleman, reverse proxies prevent users from accessing content directly.
As a result, reverse proxies are found in DDoS protection applications, where end users can't discover the website's direct IP. Hiding the direct IP prevents malicious actors from taking a website or application offline.
A reverse proxy passes along users' header information so the origin knows what to serve. To start, a reverse proxy usually forwards the Host
header. Popular software, such as NGINX, supports the ability to forward web sockets and newer HTTP connection types like partial QUIC support.
Reverse proxies are commonly used to hide the identity of an origin server, but they can also be used to balance traffic across multiple origins.
For example, a CDN uses a PULL
zone. The CDN pulls data through a node, caches static data, and forwards the data to users. Users see faster load times. Even if you request content from a server located thousands of kilometers away, you should see a smaller performance hit than you would if you requested content directly.
Generally, you will hear about NGINX, Apache, and other web servers being mentioned. These servers have two modes of operation:
There are dedicated reverse proxies as well, such as HAProxy and Varnish.
Most — if not all CDNs — have a PULL
zone type. This uses a user-operated backend, and many nodes placed in front.
This example uses a single reverse proxy:
While pull zones and reverse proxies are similar, CDNs have other features that not all reverse proxies support.
Hypertext Transfer Protocol. A protocol that connects web browsers to web servers when they request content.
The part of an HTTP message that contains information about the contents of the message.
A medium (server) that forwards traffic to a requested destination.
HTTP Secure. When an HTTP request is secure, the connection between a client and server is encrypted.
Reverse proxies are similar to proxies; though they operate in a "flipped model" where data is exchanged between a client <-> server <-> origin.