Forward proxy vs. reverse proxy

A forward proxy is the most common form of a proxy server and provides proxy services to either one or several clients. These clients often belong to a common internal network.

In general, forward proxies are used to pass requests from a network to the internet via a firewall. The proxy server first checks whether a request is valid. If it isn’t, it is not transmitted by the proxy. The client then receives an error message or a forwarding address.

If, however, a request is valid, the forward proxy can check whether the requested information has already been cached. Assuming this is the case, the forward proxy provides the cached information.

If this is not the case, the request is sent through a firewall to a content server outside the network that returns the information to the forward proxy. The proxy, in turn, forwards this information to the client and can cache it for future requests.

A reverse proxy, on the other hand, is used to transmit requests from the internet to internal networks via a firewall. Reverse proxies can prevent internet clients from gaining direct, unmonitored access to confidential data residing on content servers in an isolated network or intranet.

Like a forward proxy, a reverse proxy server first checks whether an external client’s request is valid. The processing of a request is then analogous to the procedure of a forward proxy, with the difference that if valid, requests are forwarded to an internal network and not the internet.