Performances et fiabilité
Réseau de diffusion de contenu (CDN) DNS Argo Smart Routing Équilibrage de charge AMP Real URL Optimisations Web Réseau Chine
Distribution et diffusion vidéo
Cloudflare Stream Diffusion de flux
Sécurité avancée
Magic Transit Protection contre les attaques DDoS Pare-feu applicatif Web (WAF) Gestion des robots Rate Limiting SSL/TLS DNSSEC Cloudflare Access Cloudflare Spectrum Argo Tunnel
Connaissance approfondie
Statistiques Journaux Cloudflare
Cloudflare pour les développeurs
Cloudflare Workers Cloudflare Workers KV Kit de développement mobile
Enregistrement de nom de domaine
Cloudflare Registrar
Cloudflare Marketplace
Cloudflare Apps
Cloudflare pour tous
1.1.1.1
Performances
Accélérer les applications Internet Accélérer les expériences mobiles Garantir la disponibilité de l’application
Sécurité
Endiguer les attaques DDoS Empêcher les violations de données client Arrêter les robots malveillants
Industries
Gaming SaaS E-commerce Médias et divertissement Secteur public Groupements d’intérêt public État et collectivités locales
Partenariats
Programme de partenariat
Partenaires solutions
Programme de services
Partenaires technologiques
Portail de peering Bandwidth Alliance Partenaires statistiques
Intégrations
IBM Cloud WordPress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes WP Engine
Développer
Guide des API Hub des développeurs Fonds de développement Documentation
Explorer
Études de cas Analystes Cloudflare en Chine Carte du réseau Webinaires Nouveautés Livres blancs RGPD
Apprentissage
Centre d'apprentissage DDoS Centre d'apprentissage CDN Centre d'apprentissage DNS Centre d'apprentissage sécurité Centre d’apprentissage performances Centre d’apprentissage sans serveur Centre d'apprentissage SSL Centre d'apprentissage Bots Centre d'apprentissage Cloud
Connecter
Blog Contacter le service commercial Communauté Support
Contacter
+1 650 319 8930
Configuration Cloudflare avancée
Explorer l’API Cloudflare v4 Exposer un tunnel local sécurisé Configurer avec Terraform Documentation
Personnaliser votre site
Personnaliser avec Workers Modification des en-têtes Redirecteur conditionnel de requêtes Test A/B Parcourir tous les extraits de code
Développer des applications sans serveur
Déployer avec Workers pour les développeurs Commencer avec des tutoriels Cloner des exemples sur GitHub

What Is A Reverse Proxy? | Proxy Servers Explained

A reverse proxy protects web servers from attacks and can provide performance and reliability benefits. Learn more about forward and reverse proxies.

Share facebook icon linkedin icon twitter icon email icon
What is a CDN?
CDN Performance
CDN SSL TLS Security
CDN Reliability
CDN Glossary

Reverse Proxy

Objectifs d’apprentissage

Après avoir lu cet article, vous pourrez :

  • Define a proxy server
  • Describe the differences between a forward and reverse proxy
  • Outline the benefits of using a reverse proxy

Contenu associé

What is a CDN Data Center?

What is Anycast?

What is an Origin Server?

Cache Control

CDN SSL TLS Security

What is a reverse proxy?

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability. In order to better understand how a reverse proxy works and the benefits it can provide, let’s first define what a proxy server is.

What’s a proxy server?

A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman.

For example, let’s name 3 computers involved in a typical forward proxy communication:

  • A: This is a user’s home computer
  • B: This is a forward proxy server
  • C: This is a website’s origin server (where the website data is stored)
Forward Proxy Flow

In a standard Internet communication, computer A would reach out directly to computer C, with the client sending requests to the origin server and the origin server responding to the client. When a forward proxy is in place, A will instead send requests to B, which will then forward the request to C. C will then send a response to B, which will forward the response back to A.

Why would anyone add this extra middleman to their Internet activity? There are a few reasons one might want to use a forward proxy:

  • To avoid state or institutional browsing restrictions - Some governments, schools, and other organizations use firewalls to give their users access to a limited version of the Internet. A forward proxy can be used to get around these restrictions, as they let the user connect to the proxy rather than directly to the sites they are visiting.
  • To block access to certain content - Conversely, proxies can also be set up to block a group of users from accessing certain sites. For example, a school network might be configured to connect to the web through a proxy which enables content filtering rules, refusing to forward responses from Facebook and other social media sites.
  • To protect their identity online - In some cases, regular Internet users simply desire increased anonymity online, but in other cases, Internet users live in places where the government can impose serious consequences to political dissidents. Criticizing the government in a web forum or on social media can lead to fines or imprisonment for these users. If one of these dissidents uses a forward proxy to connect to a website where they post politically sensitive comments, the IP address used to post the comments will be harder to trace back to the dissident. Only the IP address of the proxy server will be visible.

How is a reverse proxy different?

A reverse proxy is a server that sits in front of one or more web servers, intercepting requests from clients. This is different from a forward proxy, where the proxy sits in front of the clients. With a reverse proxy, when clients send requests to the origin server of a website, those requests are intercepted at the network edge by the reverse proxy server. The reverse proxy server will then send requests to and receive responses from the origin server.

The difference between a forward and reverse proxy is subtle but important. A simplified way to sum it up would be to say that a forward proxy sits in front of a client and ensures that no origin server ever communicates directly with that specific client. On the other hand, a reverse proxy sits in front of an origin server and ensures that no client ever communicates directly with that origin server.

Once again, let’s illustrate by naming the computers involved:

  • D: Any number of users’ home computers
  • E: This is a reverse proxy server
  • F: One or more origin servers
Reverse Proxy Flow

Typically all requests from D would go directly to F, and F would send responses directly to D. With a reverse proxy, all requests from D will go directly to E, and E will send its requests to and receive responses from F. E will then pass along the appropriate responses to D.

Below we outline some of the benefits of a reverse proxy:

  • Load balancing - A popular website that gets millions of users every day may not be able to handle all of its incoming site traffic with a single origin server. Instead, the site can be distributed among a pool of different servers, all handling requests for the same site. In this case, a reverse proxy can provide a load balancing solution which will distribute the incoming traffic evenly among the different servers to prevent any single server from becoming overloaded. In the event that a server fails completely, other servers can step up to handle the traffic.
  • Protection from attacks - With a reverse proxy in place, a web site or service never needs to reveal the IP address of their origin server(s). This makes it much harder for attackers to leverage a targeted attack against them, such as a DDoS attack. Instead the attackers will only be able to target the reverse proxy, such as Cloudflare’s CDN, which will have tighter security and more resources to fend off a cyber attack.
  • Global Server Load Balancing (GSLB) - In this form of load balancing, a website can be distributed on several servers around the globe and the reverse proxy will send clients to the server that’s geographically closest to them. This decreases the distances that requests and responses need to travel, minimizing load times.
  • Caching - A reverse proxy can also cache content, resulting in faster performance. For example, if a user in Paris visits a reverse-proxied website with web servers in Los Angeles, the user might actually connect to a local reverse proxy server in Paris, which will then have to communicate with an origin server in L.A. The proxy server can then cache (or temporarily save) the response data. Subsequent Parisian users who browse the site will then get the locally cached version from the Parisian reverse proxy server, resulting in much faster performance.
  • SSL encryption - Encrypting and decrypting SSL (or TLS) communications for each client can be computationally expensive for an origin server. A reverse proxy can be configured to decrypt all incoming requests and encrypt all outgoing responses, freeing up valuable resources on the origin server.

How to implement a reverse proxy

Some companies build their own reverse proxies, but this requires intensive software and hardware engineering resources, as well as a significant investment in physical hardware. One of the easiest and most cost-effective ways to reap all the benefits of a reverse proxy is by signing up for a CDN service. For example, the Cloudflare CDN provides all the performance and security features listed above, as well as many others.

Pour vous garantir une expérience optimale sur notre site Web, il se peut que nous utilisions des cookies, comme décrit ici.
En cliquant sur J’accepte, en fermant cette bannière ou en continuant à naviguer sur notre site Web, vous acceptez l’utilisation de ces cookies.