Reverse Proxies

Traffic, Control, Security, and Speed

wagmi

Reverse proxies are server-side intermediaries that sit between clients and backend services. They place a collection of servers behind a common entry point, which reduces the attack surface exposed by the network and host internals.

Although the most popular implementations handle the Hypertext Transfer Protocol (HTTP), the pattern can be applied to any other Internet protocol.

+-----------------------------------------------------------------------+
|                           PUBLIC INTERNET                             |
|                                                                       |
|   [ Client A ] ----(HTTPS)----+                                       |
|                               |                                       |
|   [ Client B ] ----(HTTPS)----+---> [ REVERSE PROXY ]                 |
|                               |   (Nginx / Monolith Server )          |
|   [ Client C ] ----(HTTPS)----+              |                        |
+----------------------------------------------|------------------------+
                                               |
                                       [ Private Network ]
                                               |
                     +-------------------------+-------------------------+
                     |                         |                         |
                     v                         v                         v
           [( Backend Server 1 )]    [( Backend Server 2 )]    [( Backend Server 3 )]
               (Internal HTTP)           (Internal HTTP)           (Internal HTTP)

Key Elements:

  1. Clients: standard web browsers making HTTPS requests from the open internet.

  2. Reverse proxy: the single point of entry. It handles tasks like SSL decryption, logging, and DDoS protection so your actual application servers don't have to.

  3. Private network: your backend servers are safely hidden behind the proxy. Typically, they will only accept traffic originating from the reverse proxy's internal IP address, keeping them isolated from direct public threats.
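
Backend-side enforcement of item 3, as an added example that is not part of the original post: the backend accepts a request only when the TCP peer is the reverse proxy, and only then reads X-Forwarded-For to recover the client address for logging. The proxy address 10.0.0.5, the function names, and the assumption that the proxy appends the client address to X-Forwarded-For are illustrative.

```python
import ipaddress

# Constructed value: the reverse proxy's address on the private network.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]


class DirectAccessRejected(Exception):
    """The connection did not arrive through the reverse proxy."""


def is_from_proxy(ip, trusted=TRUSTED_PROXIES):
    """True if ip belongs to one of the trusted proxy networks."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in trusted)


def client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Return the real client address for a request reaching a backend.

    peer_ip: address of the TCP peer, taken from the socket, never a header
    headers: request headers as a dict with lower-cased names
    """
    # Refuse anything that bypassed the proxy (item 3 in the list above).
    if not is_from_proxy(peer_ip, trusted):
        raise DirectAccessRejected(peer_ip)

    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    # Read right to left: the rightmost entries were appended by our own
    # proxy, while anything further left was supplied by the client and may
    # be forged. The first non-proxy address from the right is the client.
    for hop in reversed(hops):
        try:
            if not is_from_proxy(hop, trusted):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting the header
    return peer_ip  # no usable entry: attribute the request to the proxy
```

Reading the header left to right instead would let any client choose the address that ends up in the backend's logs and IP-based rules.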

Benefits

  1. Attackers cannot directly exploit vulnerabilities of the backend server. Even when the backend server is compromised, the reverse proxy acts as a firewall that hinders the spread of Internet worms, etc., by blocking outgoing requests from the backend server.

  2. Only one machine is connected directly to the internet, so only that machine needs to be monitored for potential vulnerabilities and have existing patches applied.

Liabilities

  1. A false sense of security. Patches and blacklists can only be constructed after a vulnerability is exposed.

  2. A reverse proxy adds latency to the communication, both from the additional network traffic and from the filtering and validation of requests.
