Wednesday, June 11, 2008

What are Reverse Proxies? What are they used for?

What are Reverse Proxies? What are they used for?

Reverse Proxies are the proxy servers which are normally used as SSL Offloaders. They intercept the incoming https requests from various clients, decode those https requests into corresponding http requests and finally send the converted http requests to the intended target servers. That's why they have been given the name 'SSL Offloaders' - as they offload the responsibility of SLL Conversion (https -> http) from the actual HTTP/Web Servers.

Another advantage of using Reverse Proxies is that only one Reverse Proxy can be used to decode https requests for many Web Servers. Another similar use of a Reverse Proxy can be to expose it as a single domain for multiple web applications running on those many Web Servers. The Web Servers will be known only to the Reverse Proxy and all the requests coming to it will be intercepted, examined, and finally be sent to intended Web Server running the particular Web Application, the request has come for. We can easily impose extra security to our web applications using Reverse Proxies. Any URL coming to it may be examined if its coming from expected clients or not and subsequently the client request may either result in an error OR it can be routed to the targetted web application. So, we may say Reverse Proxies as Gate-Keepers as well.

One common problem of using Reverse Proxies is that it may convert https requests into http requests for relative URLs (which is what we usually use with Reverse Proxies as the actual URLs are not normally known to the outside world and it's the duty of the Reverse Proxy to map a relative URL to the absolute URL on the target server) in case sendRedirect is being used on the target server. But, nothing really to worry about the usage of Reverse Proxies as we do have solution to this common problem and the solution is not that difficult either. Read more in this article - sendRedirect issue and a possible solution approach >>


No comments: